10341000x800000000000000011763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.900{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F89-5FB6-0000-0010A7331D00}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.884{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F6D-5FB6-0000-0010A4B91A00}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.884{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F6D-5FB6-0000-0010A4B91A00}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.790{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F6C-5FB6-0000-0010C0B51A00}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.790{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F6C-5FB6-0000-0010C0B51A00}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.790{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F6C-5FB6-0000-0010C0B51A00}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:45.728{2CC55DE6-6F89-5FB6-0000-0010352A1D00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c44-0\PresentationFramework.Royale.dll2020-11-19 13:13:45.728 10341000x800000000000000011756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.525{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F89-5FB6-0000-0010352A1D00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.509{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F72-5FB6-0000-0010D43D1B00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.509{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F72-5FB6-0000-0010D43D1B00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.462{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F89-5FB6-0000-001066261D00}2240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.447{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F89-5FB6-0000-001066261D00}2240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.447{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F89-5FB6-0000-001066261D00}2240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:45.384{2CC55DE6-6F89-5FB6-0000-00102F211D00}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\7e4-0\PresentationFramework.Luna.dll2020-11-19 13:13:45.384 10341000x800000000000000011749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.119{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F89-5FB6-0000-00102F211D00}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.103{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F89-5FB6-0000-00102F211D00}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:45.103{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F89-5FB6-0000-00102F211D00}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:44.994{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F88-5FB6-0000-0010611D1D00}3684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:46.759{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F6D-5FB6-0000-00100FC01A00}5024C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:46.759{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F6D-5FB6-0000-00100FC01A00}5024C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:46.759{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F6D-5FB6-0000-00100FC01A00}5024C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:46.697{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F8A-5FB6-0000-00109D391D00}868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:46.681{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F6D-5FB6-0000-0010B8BC1A00}868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:46.681{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F6D-5FB6-0000-0010B8BC1A00}868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:46.587{2CC55DE6-6F89-5FB6-0000-0010A7331D00}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ee0-0\PresentationUI.dll2020-11-19 13:13:46.587 11241100x800000000000000011778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:48.947{2CC55DE6-6F8C-5FB6-0000-0010DD461D00}4072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fe8-0\SMDiagnostics.dll2020-11-19 13:13:48.947 10341000x800000000000000011777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:48.853{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F8C-5FB6-0000-0010DD461D00}4072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:48.853{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F8C-5FB6-0000-0010DD461D00}4072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:48.853{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F8C-5FB6-0000-0010DD461D00}4072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:48.806{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F8C-5FB6-0000-00105D431D00}4328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:48.790{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F5D-5FB6-0000-001064461A00}4328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:48.790{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F5D-5FB6-0000-001064461A00}4328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:48.697{2CC55DE6-6F8A-5FB6-0000-0010823D1D00}5024C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13a0-0\ReachFramework.dll2020-11-19 13:13:48.697 10341000x800000000000000011787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.150{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F8D-5FB6-0000-001058541D00}6732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.150{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F8D-5FB6-0000-001058541D00}6732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.150{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F8D-5FB6-0000-001058541D00}6732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.072{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F8D-5FB6-0000-00100A501D00}6280C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.072{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F8D-5FB6-0000-00100A501D00}6280C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.072{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F8D-5FB6-0000-00100A501D00}6280C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000011781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.009{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F8D-5FB6-0000-0010254C1D00}5784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.009{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F8D-5FB6-0000-0010254C1D00}5784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:49.009{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F8D-5FB6-0000-0010254C1D00}5784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000011791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:51.884{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F72-5FB6-0000-00102F661B00}6156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:51.884{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F72-5FB6-0000-00102F661B00}6156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:51.884{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F72-5FB6-0000-00102F661B00}6156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:51.697{2CC55DE6-6F8D-5FB6-0000-001058541D00}6732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1a4c-0\System.Activities.dll2020-11-19 13:13:51.697 11241100x800000000000000011795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:52.978{2CC55DE6-6F90-5FB6-0000-00108D601D00}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e2c-0\System.Activities.Core.Presentation.dll2020-11-19 13:13:52.978 10341000x800000000000000011794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:52.025{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6F90-5FB6-0000-00108D601D00}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:52.009{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F67-5FB6-0000-00107B501A00}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:52.009{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F67-5FB6-0000-00107B501A00}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F91-5FB6-0000-001086791D00}1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.650{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F91-5FB6-0000-001086791D00}1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.650{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F91-5FB6-0000-001086791D00}1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.572{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F91-5FB6-0000-001078741D00}3484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.556{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F91-5FB6-0000-001078741D00}3484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.556{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F91-5FB6-0000-001078741D00}3484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:53.494{2CC55DE6-6F91-5FB6-0000-00100B6E1D00}2356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\934-0\System.Activities.DurableInstancing.dll2020-11-19 13:13:53.494 10341000x800000000000000011801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.197{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F91-5FB6-0000-00100B6E1D00}2356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.181{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F91-5FB6-0000-00100B6E1D00}2356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.181{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F91-5FB6-0000-00100B6E1D00}2356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.072{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F7F-5FB6-0000-0010FBFE1B00}7124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.072{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F7F-5FB6-0000-0010FBFE1B00}7124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:53.072{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F7F-5FB6-0000-0010FBFE1B00}7124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000011821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.978{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F6F-5FB6-0000-001060F21A00}6680C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.978{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F6F-5FB6-0000-001060F21A00}6680C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.962{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F94-5FB6-0000-0010E68A1D00}3944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.947{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F68-5FB6-0000-00109F641A00}3944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.947{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F68-5FB6-0000-00109F641A00}3944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:56.884{2CC55DE6-6F94-5FB6-0000-00103D871D00}4180C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1054-0\System.AddIn.dll2020-11-19 13:13:56.884 10341000x800000000000000011815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.572{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F94-5FB6-0000-00103D871D00}4180C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.556{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F94-5FB6-0000-00103D871D00}4180C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.556{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F94-5FB6-0000-00103D871D00}4180C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.478{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F94-5FB6-0000-0010B7831D00}7120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.462{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F94-5FB6-0000-0010B7831D00}7120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.462{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F94-5FB6-0000-0010B7831D00}7120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:56.244{2CC55DE6-6F91-5FB6-0000-001086791D00}1880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\758-0\System.Activities.Presentation.dll2020-11-19 13:13:56.244 10341000x800000000000000011844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F95-5FB6-0000-0010009C1D00}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.931{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6F95-5FB6-0000-0010A79C1D00}6788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.931{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F95-5FB6-0000-0010A79C1D00}6788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.931{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6F95-5FB6-0000-0010A79C1D00}6788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.932{2CC55DE6-6F95-5FB6-0000-0010A79C1D00}6788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000011835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.915{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F95-5FB6-0000-0010009C1D00}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.915{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F95-5FB6-0000-0010009C1D00}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.822{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F95-5FB6-0000-001050981D00}2660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.822{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F95-5FB6-0000-001050981D00}2660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.822{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F95-5FB6-0000-001050981D00}2660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:57.744{2CC55DE6-6F95-5FB6-0000-0010A4941D00}6800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1a90-0\System.ComponentModel.Composition.dll2020-11-19 13:13:57.744 10341000x800000000000000011829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.150{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F6F-5FB6-0000-00100BEE1A00}6800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.150{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F6F-5FB6-0000-00100BEE1A00}6800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.150{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F6F-5FB6-0000-00100BEE1A00}6800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.103{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F95-5FB6-0000-001025911D00}4516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.087{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F6F-5FB6-0000-00107CF61A00}4516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:57.087{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F6F-5FB6-0000-00107CF61A00}4516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:57.040{2CC55DE6-6F94-5FB6-0000-0010E18D1D00}6680C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1a18-0\System.AddIn.Contract.dll2020-11-19 13:13:57.040 10341000x800000000000000011822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:56.993{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F94-5FB6-0000-0010E18D1D00}6680C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.806{2CC55DE6-6F96-5FB6-0000-001013B51D00}53122924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F96-5FB6-0000-0010C1B41D00}4876C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.665{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6F96-5FB6-0000-001013B51D00}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.665{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F96-5FB6-0000-001013B51D00}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.665{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6F96-5FB6-0000-001013B51D00}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.666{2CC55DE6-6F96-5FB6-0000-001013B51D00}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000011864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.650{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F96-5FB6-0000-0010C1B41D00}4876C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.650{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F96-5FB6-0000-0010C1B41D00}4876C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.603{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F96-5FB6-0000-0010B6B01D00}2444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.587{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F96-5FB6-0000-0010B6B01D00}2444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.587{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F96-5FB6-0000-0010B6B01D00}2444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:58.525{2CC55DE6-6F96-5FB6-0000-00103DAC1D00}5400C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1518-0\System.Data.DataSetExtensions.dll2020-11-19 13:13:58.525 10341000x800000000000000011858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.431{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F96-5FB6-0000-00103DAC1D00}5400C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.415{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F96-5FB6-0000-00103DAC1D00}5400C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.415{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F96-5FB6-0000-00103DAC1D00}5400C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.337{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F96-5FB6-0000-001097A81D00}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.322{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F96-5FB6-0000-001097A81D00}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.322{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F96-5FB6-0000-001097A81D00}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:58.275{2CC55DE6-6F96-5FB6-0000-0010C8A41D00}6472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1948-0\System.ComponentModel.DataAnnotations.dll2020-11-19 13:13:58.275 10341000x800000000000000011851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.150{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F96-5FB6-0000-0010C8A41D00}6472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.150{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F96-5FB6-0000-0010C8A41D00}6472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.150{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F96-5FB6-0000-0010C8A41D00}6472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.103{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F96-5FB6-0000-00102DA11D00}2580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.087{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F78-5FB6-0000-0010FC8F1B00}2580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:58.087{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F78-5FB6-0000-0010FC8F1B00}2580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:13:58.025{2CC55DE6-6F95-5FB6-0000-0010009C1D00}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1914-0\System.ComponentModel.Composition.Registration.dll2020-11-19 13:13:58.025 10341000x800000000000000011882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:59.165{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6F97-5FB6-0000-001071BA1D00}2320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:59.165{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:59.165{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:59.165{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:59.165{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:59.165{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F97-5FB6-0000-001071BA1D00}2320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:59.165{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6F97-5FB6-0000-001071BA1D00}2320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:13:59.166{2CC55DE6-6F97-5FB6-0000-001071BA1D00}2320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000011891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.650{2CC55DE6-6F98-5FB6-0000-001077BC1D00}66682584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.509{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6F71-5FB6-0000-001052201B00}6668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.509{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.509{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.509{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.509{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.509{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F71-5FB6-0000-001052201B00}6668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.509{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6F71-5FB6-0000-001052201B00}6668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:00.510{2CC55DE6-6F98-5FB6-0000-001077BC1D00}6668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000011908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.931{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6F99-5FB6-0000-00104DC01D00}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.931{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F99-5FB6-0000-00104DC01D00}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.931{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6F99-5FB6-0000-00104DC01D00}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.932{2CC55DE6-6F99-5FB6-0000-00104DC01D00}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000011900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.400{2CC55DE6-6F99-5FB6-0000-0010FDBD1D00}29041152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.259{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6F99-5FB6-0000-0010FDBD1D00}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.259{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.259{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.259{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.259{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.259{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F99-5FB6-0000-0010FDBD1D00}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.259{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6F99-5FB6-0000-0010FDBD1D00}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:01.260{2CC55DE6-6F99-5FB6-0000-0010FDBD1D00}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000011909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:02.087{2CC55DE6-6F99-5FB6-0000-00104DC01D00}45804988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:03.040{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6F9B-5FB6-0000-001074C21D00}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:03.040{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:03.040{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:03.040{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:03.040{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:03.040{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F9B-5FB6-0000-001074C21D00}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:03.040{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6F9B-5FB6-0000-001074C21D00}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:03.041{2CC55DE6-6F9B-5FB6-0000-001074C21D00}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000011924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:06.634{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F9E-5FB6-0000-001042C91D00}3980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:06.618{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F88-5FB6-0000-00109A141D00}3980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:06.618{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F88-5FB6-0000-00109A141D00}3980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:06.540{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F9E-5FB6-0000-001057C51D00}2920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:06.525{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F88-5FB6-0000-0010A90F1D00}2920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:06.525{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F88-5FB6-0000-0010A90F1D00}2920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:06.290{2CC55DE6-6F96-5FB6-0000-0010C1B41D00}4876C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\130c-0\System.Data.Entity.dll2020-11-19 13:14:06.290 10341000x800000000000000011931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:07.400{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F9F-5FB6-0000-0010FBD11D00}6660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:07.384{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F84-5FB6-0000-001043731C00}6660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:07.384{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F84-5FB6-0000-001043731C00}6660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:07.306{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F9F-5FB6-0000-0010FACD1D00}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:07.290{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F88-5FB6-0000-001067181D00}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:07.290{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F88-5FB6-0000-001067181D00}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:07.212{2CC55DE6-6F9E-5FB6-0000-001042C91D00}3980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\f8c-0\System.Data.Entity.Design.dll2020-11-19 13:14:07.212 10341000x800000000000000011938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:08.743{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA0-5FB6-0000-001029DA1D00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:08.728{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FA0-5FB6-0000-001029DA1D00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:08.728{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA0-5FB6-0000-001029DA1D00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:08.650{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA0-5FB6-0000-001033D61D00}3552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:08.650{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FA0-5FB6-0000-001033D61D00}3552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:08.650{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA0-5FB6-0000-001033D61D00}3552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:08.556{2CC55DE6-6F9F-5FB6-0000-0010FBD11D00}6660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1a04-0\System.Data.Linq.dll2020-11-19 13:14:08.556 10341000x800000000000000011945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:09.415{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA1-5FB6-0000-001036E31D00}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:09.400{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F89-5FB6-0000-0010242F1D00}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:09.400{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F89-5FB6-0000-0010242F1D00}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:09.306{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA1-5FB6-0000-001052DE1D00}212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:09.290{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FA1-5FB6-0000-001052DE1D00}212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:09.290{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA1-5FB6-0000-001052DE1D00}212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:09.212{2CC55DE6-6FA0-5FB6-0000-001029DA1D00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a48-0\System.Data.OracleClient.dll2020-11-19 13:14:09.212 10341000x800000000000000011952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:10.572{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA2-5FB6-0000-001075ED1D00}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:10.556{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FA2-5FB6-0000-001075ED1D00}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:10.556{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA2-5FB6-0000-001075ED1D00}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:10.509{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA2-5FB6-0000-0010E5E91D00}4108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:10.493{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F84-5FB6-0000-0010A3801C00}4108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:10.493{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F84-5FB6-0000-0010A3801C00}4108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:10.415{2CC55DE6-6FA1-5FB6-0000-001036E31D00}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1620-1\System.Data.Services.dll2020-11-19 13:14:10.415 10341000x800000000000000011966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.806{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA3-5FB6-0000-001066FD1D00}3996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.806{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FA3-5FB6-0000-001066FD1D00}3996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.806{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA3-5FB6-0000-001066FD1D00}3996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.743{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA3-5FB6-0000-001025FA1D00}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.728{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F84-5FB6-0000-001081911C00}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.728{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F84-5FB6-0000-001081911C00}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:11.665{2CC55DE6-6FA3-5FB6-0000-00108DF51D00}6916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1b04-0\System.Data.Services.Design.dll2020-11-19 13:14:11.665 10341000x800000000000000011959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.384{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA3-5FB6-0000-00108DF51D00}6916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.384{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FA3-5FB6-0000-00108DF51D00}6916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.384{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA3-5FB6-0000-00108DF51D00}6916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.290{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA3-5FB6-0000-001053F11D00}5024C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.275{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F8A-5FB6-0000-0010823D1D00}5024C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:11.275{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F8A-5FB6-0000-0010823D1D00}5024C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:11.212{2CC55DE6-6FA2-5FB6-0000-001075ED1D00}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\2e0-0\System.Data.Services.Client.dll2020-11-19 13:14:11.212 10341000x800000000000000011980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.978{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA5-5FB6-0000-0010920D1E00}5204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.962{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FA5-5FB6-0000-0010920D1E00}5204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.962{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA5-5FB6-0000-0010920D1E00}5204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.884{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA5-5FB6-0000-00105B091E00}6236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.868{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F72-5FB6-0000-001087691B00}6236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.868{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F72-5FB6-0000-001087691B00}6236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:13.790{2CC55DE6-6FA5-5FB6-0000-00105C051E00}4500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1194-0\System.Deployment.dll2020-11-19 13:14:13.790 10341000x800000000000000011973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.181{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA5-5FB6-0000-00105C051E00}4500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.165{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F84-5FB6-0000-001067991C00}4500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.165{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F84-5FB6-0000-001067991C00}4500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.118{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA5-5FB6-0000-0010A8011E00}7152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.103{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FA5-5FB6-0000-0010A8011E00}7152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:13.103{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA5-5FB6-0000-0010A8011E00}7152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:13.025{2CC55DE6-6FA3-5FB6-0000-001066FD1D00}3996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\f9c-0\System.Data.SqlXml.dll2020-11-19 13:14:13.025 10341000x800000000000000011994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA9-5FB6-0000-0010731D1E00}2224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.884{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F7F-5FB6-0000-001025091C00}2224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.884{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F7F-5FB6-0000-001025091C00}2224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.837{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA9-5FB6-0000-0010F5191E00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.821{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FA9-5FB6-0000-0010F5191E00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.821{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA9-5FB6-0000-0010F5191E00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:17.775{2CC55DE6-6FA9-5FB6-0000-00109E161E00}5824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\16c0-0\System.Device.dll2020-11-19 13:14:17.775 10341000x800000000000000011987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.712{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA9-5FB6-0000-00109E161E00}5824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.696{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F7F-5FB6-0000-001092031C00}5824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.696{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F7F-5FB6-0000-001092031C00}5824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FA9-5FB6-0000-00104E131E00}3368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.650{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FA9-5FB6-0000-00104E131E00}3368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:17.650{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA9-5FB6-0000-00104E131E00}3368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:17.446{2CC55DE6-6FA5-5FB6-0000-0010920D1E00}5204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1454-0\System.Design.dll2020-11-19 13:14:17.446 10341000x800000000000000012014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.978{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAA-5FB6-0000-001088331E00}3648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.978{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAA-5FB6-0000-001088331E00}3648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAA-5FB6-0000-0010F72F1E00}6528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.931{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FAA-5FB6-0000-0010F72F1E00}6528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.931{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAA-5FB6-0000-0010F72F1E00}6528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:18.868{2CC55DE6-6FAA-5FB6-0000-0010112C1E00}5236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1474-0\System.Drawing.Design.dll2020-11-19 13:14:18.868 10341000x800000000000000012008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.728{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAA-5FB6-0000-0010112C1E00}5236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.728{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAA-5FB6-0000-0010112C1E00}5236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.728{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAA-5FB6-0000-0010112C1E00}5236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAA-5FB6-0000-00109C281E00}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.665{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FAA-5FB6-0000-00109C281E00}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.665{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAA-5FB6-0000-00109C281E00}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:18.603{2CC55DE6-6FAA-5FB6-0000-0010D4241E00}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1884-0\System.DirectoryServices.Protocols.dll2020-11-19 13:14:18.603 10341000x800000000000000012001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.400{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAA-5FB6-0000-0010D4241E00}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.400{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAA-5FB6-0000-0010D4241E00}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.400{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAA-5FB6-0000-0010D4241E00}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000011998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.353{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAA-5FB6-0000-001053211E00}6328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.353{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAA-5FB6-0000-001053211E00}6328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.353{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAA-5FB6-0000-001053211E00}6328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000011995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:18.275{2CC55DE6-6FA9-5FB6-0000-0010731D1E00}2224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\8b0-0\System.DirectoryServices.AccountManagement.dll2020-11-19 13:14:18.275 10341000x800000000000000012030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.915{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAB-5FB6-0000-0010C7421E00}1280C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.900{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FAB-5FB6-0000-0010C7421E00}1280C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.900{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAB-5FB6-0000-0010C7421E00}1280C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.837{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAB-5FB6-0000-0010C53E1E00}6772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.821{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FAB-5FB6-0000-0010C53E1E00}6772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.821{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAB-5FB6-0000-0010C53E1E00}6772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:19.712{2CC55DE6-6FAB-5FB6-0000-0010753A1E00}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13f8-0\System.EnterpriseServices.dll2020-11-19 13:14:19.712 11241100x800000000000000012023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:19.696{2CC55DE6-6FAB-5FB6-0000-0010753A1E00}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13f8-0\System.EnterpriseServices.Wrapper.dll2020-11-19 13:14:19.696 10341000x800000000000000012022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.306{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAB-5FB6-0000-0010753A1E00}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.290{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAB-5FB6-0000-0010753A1E00}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.290{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAB-5FB6-0000-0010753A1E00}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.259{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAB-5FB6-0000-0010F7361E00}2656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.243{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FAB-5FB6-0000-0010F7361E00}2656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:19.243{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAB-5FB6-0000-0010F7361E00}2656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:19.181{2CC55DE6-6FAA-5FB6-0000-001088331E00}3648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e40-0\System.Dynamic.dll2020-11-19 13:14:19.181 10341000x800000000000000012015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:18.993{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAA-5FB6-0000-001088331E00}3648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.775{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAD-5FB6-0000-00105E571E00}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.759{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FAD-5FB6-0000-00105E571E00}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.759{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAD-5FB6-0000-00105E571E00}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.696{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAD-5FB6-0000-001035531E00}6944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.681{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F87-5FB6-0000-0010E2EC1C00}6944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.681{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F87-5FB6-0000-0010E2EC1C00}6944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:21.618{2CC55DE6-6FAD-5FB6-0000-0010704D1E00}4564C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11d4-0\System.IdentityModel.Selectors.dll2020-11-19 13:14:21.618 10341000x800000000000000012037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.493{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAD-5FB6-0000-0010704D1E00}4564C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.493{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAD-5FB6-0000-0010704D1E00}4564C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.493{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAD-5FB6-0000-0010704D1E00}4564C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.431{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAD-5FB6-0000-0010BA491E00}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.415{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAD-5FB6-0000-0010BA491E00}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:21.415{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAD-5FB6-0000-0010BA491E00}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:21.321{2CC55DE6-6FAB-5FB6-0000-0010C7421E00}1280C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\500-0\System.IdentityModel.dll2020-11-19 13:14:21.321 10341000x800000000000000012072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.946{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAE-5FB6-0000-0010B0781E00}3908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.931{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-0010B0781E00}3908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.931{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-0010B0781E00}3908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.868{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F87-5FB6-0000-00105FF51C00}6912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.868{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F87-5FB6-0000-00105FF51C00}6912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.868{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F87-5FB6-0000-00105FF51C00}6912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:22.806{2CC55DE6-6FAE-5FB6-0000-0010746F1E00}4324C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\10e4-0\System.IO.Log.dll2020-11-19 13:14:22.806 10341000x800000000000000012065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.571{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAE-5FB6-0000-0010746F1E00}4324C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.571{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-0010746F1E00}4324C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.571{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-0010746F1E00}4324C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.509{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAE-5FB6-0000-0010DB6B1E00}6992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.509{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-0010DB6B1E00}6992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.509{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-0010DB6B1E00}6992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:22.446{2CC55DE6-6FAE-5FB6-0000-00106B681E00}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3ac-0\System.IO.Compression.FileSystem.dll2020-11-19 13:14:22.446 10341000x800000000000000012058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.415{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAE-5FB6-0000-00106B681E00}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.400{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F7B-5FB6-0000-00101DB31B00}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.400{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F7B-5FB6-0000-00101DB31B00}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAE-5FB6-0000-001018651E00}5432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.353{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-001018651E00}5432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.353{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-001018651E00}5432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:22.306{2CC55DE6-6FAE-5FB6-0000-001098611E00}3144C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c48-0\System.IO.Compression.dll2020-11-19 13:14:22.306 10341000x800000000000000012051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.196{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FAE-5FB6-0000-001098611E00}3144C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.196{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-001098611E00}3144C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.196{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-001098611E00}3144C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.150{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F87-5FB6-0000-00104CFA1C00}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.150{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F87-5FB6-0000-00104CFA1C00}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:22.150{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F87-5FB6-0000-00104CFA1C00}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:22.071{2CC55DE6-6FAD-5FB6-0000-00105E571E00}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b7c-0\System.IdentityModel.Services.dll2020-11-19 13:14:22.071 10341000x800000000000000012106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC8-5FB6-0000-0010D5C40800}2276C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC8-5FB6-0000-0010D5C40800}2276C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:32.478{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.915{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBD-5FB6-0000-0010508D1E00}212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.899{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FA1-5FB6-0000-001052DE1D00}212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.899{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA1-5FB6-0000-001052DE1D00}212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.853{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBD-5FB6-0000-0010AB891E00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.837{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FA0-5FB6-0000-001029DA1D00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.837{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA0-5FB6-0000-001029DA1D00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:37.774{2CC55DE6-6FBD-5FB6-0000-001016861E00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c44-0\System.Management.Instrumentation.dll2020-11-19 13:14:37.774 10341000x800000000000000012113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.603{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBD-5FB6-0000-001016861E00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.587{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F89-5FB6-0000-0010352A1D00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.587{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F89-5FB6-0000-0010352A1D00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.540{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBD-5FB6-0000-00106A821E00}7008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.524{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FBD-5FB6-0000-00106A821E00}7008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:37.524{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBD-5FB6-0000-00106A821E00}7008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:37.024{2CC55DE6-6FAE-5FB6-0000-0010B0781E00}3908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\f44-0\System.Management.Automation.dll2020-11-19 13:14:37.024 11241100x800000000000000012142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:38.962{2CC55DE6-6FBE-5FB6-0000-001075A21E00}6720C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1a40-0\System.Numerics.dll2020-11-19 13:14:38.962 10341000x800000000000000012141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.821{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBE-5FB6-0000-001075A21E00}6720C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.806{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-001075A21E00}6720C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.806{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-001075A21E00}6720C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.774{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBE-5FB6-0000-0010689F1E00}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.774{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-0010689F1E00}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.774{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-0010689F1E00}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:38.712{2CC55DE6-6FBE-5FB6-0000-0010A19B1E00}4984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1378-0\System.Net.Http.WebRequest.dll2020-11-19 13:14:38.712 10341000x800000000000000012134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBE-5FB6-0000-0010A19B1E00}4984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.665{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-0010A19B1E00}4984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.665{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-0010A19B1E00}4984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.634{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBE-5FB6-0000-001037981E00}5460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.618{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-001037981E00}5460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.618{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-001037981E00}5460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:38.556{2CC55DE6-6FBE-5FB6-0000-0010D2941E00}6416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1910-0\System.Net.dll2020-11-19 13:14:38.556 10341000x800000000000000012127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.321{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBE-5FB6-0000-0010D2941E00}6416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.306{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-0010D2941E00}6416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.306{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-0010D2941E00}6416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.259{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBE-5FB6-0000-00106C911E00}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.259{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-00106C911E00}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:38.259{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-00106C911E00}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:38.181{2CC55DE6-6FBD-5FB6-0000-0010508D1E00}212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d4-0\System.Messaging.dll2020-11-19 13:14:38.181 10341000x800000000000000012162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.978{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F85-5FB6-0000-001032A21C00}6544C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.978{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F85-5FB6-0000-001032A21C00}6544C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.978{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F85-5FB6-0000-001032A21C00}6544C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.931{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBF-5FB6-0000-0010F5B51E00}6588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.931{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FBF-5FB6-0000-0010F5B51E00}6588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.931{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBF-5FB6-0000-0010F5B51E00}6588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:39.868{2CC55DE6-6FBF-5FB6-0000-001059B21E00}6156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\180c-0\System.Reflection.Context.dll2020-11-19 13:14:39.868 10341000x800000000000000012155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.759{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBF-5FB6-0000-001059B21E00}6156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.743{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6F8F-5FB6-0000-0010C45B1D00}6156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.743{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F8F-5FB6-0000-0010C45B1D00}6156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.728{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBF-5FB6-0000-00105BAF1E00}876C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.712{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FBF-5FB6-0000-00105BAF1E00}876C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.712{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBF-5FB6-0000-00105BAF1E00}876C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:39.649{2CC55DE6-6FBF-5FB6-0000-0010F9A91E00}6580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\19b4-0\System.Printing.dll2020-11-19 13:14:39.649 10341000x800000000000000012148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.087{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBF-5FB6-0000-0010F9A91E00}6580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.071{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FBF-5FB6-0000-0010F9A91E00}6580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.071{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBF-5FB6-0000-0010F9A91E00}6580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.024{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FBF-5FB6-0000-001019A61E00}1936C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.009{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FBF-5FB6-0000-001019A61E00}1936C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:39.009{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBF-5FB6-0000-001019A61E00}1936C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.852{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC0-5FB6-0000-00104CD01E00}5476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.852{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC0-5FB6-0000-00104CD01E00}5476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.852{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC0-5FB6-0000-00104CD01E00}5476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.806{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC0-5FB6-0000-0010FFCC1E00}3380C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.790{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC0-5FB6-0000-0010FFCC1E00}3380C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.790{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC0-5FB6-0000-0010FFCC1E00}3380C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:40.743{2CC55DE6-6FC0-5FB6-0000-00105DC91E00}1916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\77c-0\System.Runtime.Serialization.Formatters.Soap.dll2020-11-19 13:14:40.743 10341000x800000000000000012176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.587{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC0-5FB6-0000-00105DC91E00}1916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.571{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC0-5FB6-0000-00105DC91E00}1916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.571{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC0-5FB6-0000-00105DC91E00}1916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.540{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F85-5FB6-0000-0010CBB91C00}4308C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.540{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6F85-5FB6-0000-0010CBB91C00}4308C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.540{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F85-5FB6-0000-0010CBB91C00}4308C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:40.478{2CC55DE6-6FC0-5FB6-0000-0010E8C01E00}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\16b8-0\System.Runtime.DurableInstancing.dll2020-11-19 13:14:40.478 10341000x800000000000000012169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.243{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC0-5FB6-0000-0010E8C01E00}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.228{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F85-5FB6-0000-0010E6B21C00}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.228{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F85-5FB6-0000-0010E6B21C00}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.181{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC0-5FB6-0000-001003BD1E00}4636C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.165{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F85-5FB6-0000-0010F3AE1C00}4636C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:40.165{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F85-5FB6-0000-0010F3AE1C00}4636C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:40.103{2CC55DE6-6FBF-5FB6-0000-001067B91E00}6544C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1990-0\System.Runtime.Caching.dll2020-11-19 13:14:40.103 10341000x800000000000000012197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.884{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC1-5FB6-0000-00107CE51E00}5500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.868{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FC1-5FB6-0000-00107CE51E00}5500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.868{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC1-5FB6-0000-00107CE51E00}5500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.806{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC1-5FB6-0000-001017E11E00}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.790{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FC1-5FB6-0000-001017E11E00}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.790{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC1-5FB6-0000-001017E11E00}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:41.728{2CC55DE6-6FC1-5FB6-0000-00101CD91E00}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\148c-0\System.ServiceModel.Activation.dll2020-11-19 13:14:41.728 10341000x800000000000000012190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC1-5FB6-0000-00101CD91E00}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.368{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC1-5FB6-0000-00101CD91E00}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.368{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC1-5FB6-0000-00101CD91E00}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.290{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC1-5FB6-0000-001055D41E00}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.274{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FAA-5FB6-0000-00109C281E00}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:41.274{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAA-5FB6-0000-00109C281E00}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:41.212{2CC55DE6-6FC0-5FB6-0000-00104CD01E00}5476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1564-0\System.Security.dll2020-11-19 13:14:41.212 11241100x800000000000000012198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:42.946{2CC55DE6-6FC1-5FB6-0000-00107CE51E00}5500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\157c-0\System.ServiceModel.Activities.dll2020-11-19 13:14:42.931 10341000x800000000000000012211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.540{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC3-5FB6-0000-001035FC1E00}2052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.540{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FC3-5FB6-0000-001035FC1E00}2052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.540{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC3-5FB6-0000-001035FC1E00}2052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.462{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC3-5FB6-0000-001046F81E00}6472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.446{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F96-5FB6-0000-0010C8A41D00}6472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.446{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F96-5FB6-0000-0010C8A41D00}6472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:43.384{2CC55DE6-6FC3-5FB6-0000-00106EF11E00}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d24-0\System.ServiceModel.Channels.dll2020-11-19 13:14:43.384 10341000x800000000000000012204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.102{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC3-5FB6-0000-00106EF11E00}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.087{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FC3-5FB6-0000-00106EF11E00}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.087{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC3-5FB6-0000-00106EF11E00}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.040{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC3-5FB6-0000-001059ED1E00}6212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.024{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FC3-5FB6-0000-001059ED1E00}6212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:43.024{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC3-5FB6-0000-001059ED1E00}6212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.727{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC4-5FB6-0000-0010440E1F00}2924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.712{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FC4-5FB6-0000-0010440E1F00}2924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.712{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC4-5FB6-0000-0010440E1F00}2924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.634{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC4-5FB6-0000-00103D0A1F00}4844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.618{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FC4-5FB6-0000-00103D0A1F00}4844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.618{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC4-5FB6-0000-00103D0A1F00}4844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:44.556{2CC55DE6-6FC4-5FB6-0000-001081061F00}6168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1818-0\System.ServiceModel.Internals.dll2020-11-19 13:14:44.556 10341000x800000000000000012218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.212{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC4-5FB6-0000-001081061F00}6168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.196{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC4-5FB6-0000-001081061F00}6168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.196{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC4-5FB6-0000-001081061F00}6168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.149{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC4-5FB6-0000-00100E031F00}1416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.149{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC4-5FB6-0000-00100E031F00}1416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:44.149{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC4-5FB6-0000-00100E031F00}1416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:44.071{2CC55DE6-6FC3-5FB6-0000-001035FC1E00}2052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\804-0\System.ServiceModel.Discovery.dll2020-11-19 13:14:44.071 10341000x800000000000000012239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.337{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC5-5FB6-0000-0010D6221F00}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.321{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-00106B681E00}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.321{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-00106B681E00}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.259{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC5-5FB6-0000-0010451E1F00}6884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.243{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC5-5FB6-0000-0010451E1F00}6884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.243{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC5-5FB6-0000-0010451E1F00}6884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:45.196{2CC55DE6-6FC5-5FB6-0000-0010AA181F00}2728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\aa8-0\System.ServiceModel.ServiceMoniker40.dll2020-11-19 13:14:45.196 10341000x800000000000000012232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.149{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC5-5FB6-0000-0010AA181F00}2728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.134{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC5-5FB6-0000-0010AA181F00}2728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.134{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC5-5FB6-0000-0010AA181F00}2728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.087{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC5-5FB6-0000-0010FC141F00}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.087{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FC5-5FB6-0000-0010FC141F00}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:45.087{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC5-5FB6-0000-0010FC141F00}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:45.024{2CC55DE6-6FC4-5FB6-0000-0010440E1F00}2924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b6c-0\System.ServiceModel.Routing.dll2020-11-19 13:14:45.024 10341000x800000000000000012246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:46.306{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC6-5FB6-0000-0010752E1F00}6244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:46.290{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FC6-5FB6-0000-0010752E1F00}6244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:46.290{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC6-5FB6-0000-0010752E1F00}6244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:46.149{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC6-5FB6-0000-0010C92A1F00}172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:46.149{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FC6-5FB6-0000-0010C92A1F00}172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:46.149{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC6-5FB6-0000-0010C92A1F00}172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:46.071{2CC55DE6-6FC5-5FB6-0000-0010D6221F00}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3ac-0\System.ServiceModel.Web.dll2020-11-19 13:14:46.071 10341000x800000000000000012253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:47.259{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6F9F-5FB6-0000-0010FACD1D00}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:47.259{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6F9F-5FB6-0000-0010FACD1D00}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:47.259{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F9F-5FB6-0000-0010FACD1D00}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:47.181{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FC7-5FB6-0000-001013321F00}3300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:47.165{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FC7-5FB6-0000-001013321F00}3300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:47.165{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC7-5FB6-0000-001013321F00}3300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:47.087{2CC55DE6-6FC6-5FB6-0000-0010752E1F00}6244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1864-0\System.Speech.dll2020-11-19 13:14:47.087 11241100x800000000000000012254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:52.962{2CC55DE6-6FC7-5FB6-0000-0010BE361F00}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ba0-0\System.Web.dll2020-11-19 13:14:52.962 10341000x800000000000000012274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FCD-5FB6-0000-0010E6511F00}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.649{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FCD-5FB6-0000-0010E6511F00}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.649{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FCD-5FB6-0000-0010E6511F00}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.602{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FCD-5FB6-0000-0010054E1F00}6716C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.587{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FCD-5FB6-0000-0010054E1F00}6716C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.587{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FCD-5FB6-0000-0010054E1F00}6716C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:53.540{2CC55DE6-6FCD-5FB6-0000-0010504A1F00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a48-0\System.Web.ApplicationServices.dll2020-11-19 13:14:53.540 10341000x800000000000000012267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.493{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FCD-5FB6-0000-0010504A1F00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.477{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FBD-5FB6-0000-0010AB891E00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.477{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBD-5FB6-0000-0010AB891E00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.446{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FCD-5FB6-0000-0010D0461F00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.431{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FBD-5FB6-0000-001016861E00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.431{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBD-5FB6-0000-001016861E00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:53.384{2CC55DE6-6FCD-5FB6-0000-00104E431F00}7008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1b60-0\System.Web.Abstractions.dll2020-11-19 13:14:53.384 10341000x800000000000000012260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.352{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FCD-5FB6-0000-00104E431F00}7008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.337{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FBD-5FB6-0000-00106A821E00}7008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.337{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBD-5FB6-0000-00106A821E00}7008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.227{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6FCD-5FB6-0000-0010633E1F00}3908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.212{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-0010B0781E00}3908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:53.212{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-0010B0781E00}3908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.901{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FCF-5FB6-0000-001088631F00}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.886{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FCF-5FB6-0000-001088631F00}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.886{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FCF-5FB6-0000-001088631F00}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:55.823{2CC55DE6-6FCF-5FB6-0000-0010A85E1F00}6552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1998-0\System.Web.DataVisualization.Design.dll2020-11-19 13:14:55.823 10341000x800000000000000012281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.635{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FCF-5FB6-0000-0010A85E1F00}6552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.619{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FCF-5FB6-0000-0010A85E1F00}6552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.619{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FCF-5FB6-0000-0010A85E1F00}6552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.572{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FCF-5FB6-0000-0010995A1F00}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.557{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FCF-5FB6-0000-0010995A1F00}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:55.557{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FCF-5FB6-0000-0010995A1F00}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:55.416{2CC55DE6-6FCD-5FB6-0000-0010E6511F00}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1abc-0\System.Web.DataVisualization.dll2020-11-19 13:14:55.416 10341000x800000000000000012332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7227|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7192|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7227|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7192|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7227|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7192|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\System32\windows.storage.dll+13656e|C:\Windows\System32\windows.storage.dll+e6aac|C:\Windows\System32\windows.storage.dll+e6888|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+13655c|C:\Windows\System32\windows.storage.dll+e6aac|C:\Windows\System32\windows.storage.dll+e6888|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.965{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+13655c|C:\Windows\System32\windows.storage.dll+e6aac|C:\Windows\System32\windows.storage.dll+e6888|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.886{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\iertutil.dll+36d81|C:\Windows\SYSTEM32\iertutil.dll+36930|C:\Windows\SYSTEM32\iertutil.dll+34b5c|C:\Windows\SYSTEM32\iertutil.dll+34f0f|C:\Windows\SYSTEM32\iertutil.dll+480c8|C:\Windows\SYSTEM32\IEFRAME.dll+2bb1c2|C:\Windows\SYSTEM32\IEFRAME.dll+c63f5|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8|C:\Windows\SYSTEM32\IEFRAME.dll+f7ab0|C:\Windows\SYSTEM32\IEFRAME.dll+2e821|C:\Windows\SYSTEM32\IEFRAME.dll+2a83a6|C:\Windows\SYSTEM32\IEFRAME.dll+152634|C:\Windows\SYSTEM32\IEFRAME.dll+ccc61|C:\Windows\SYSTEM32\IEFRAME.dll+1526bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.871{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.746{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\iertutil.dll+26f1c|C:\Windows\SYSTEM32\iertutil.dll+27ff3|C:\Windows\SYSTEM32\iertutil.dll+368c1|C:\Windows\SYSTEM32\iertutil.dll+34b5c|C:\Windows\SYSTEM32\iertutil.dll+34f0f|C:\Windows\SYSTEM32\iertutil.dll+480c8|C:\Windows\SYSTEM32\IEFRAME.dll+2bb1c2|C:\Windows\SYSTEM32\IEFRAME.dll+c63f5|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8|C:\Windows\SYSTEM32\IEFRAME.dll+f7ab0|C:\Windows\SYSTEM32\IEFRAME.dll+2e821|C:\Windows\SYSTEM32\IEFRAME.dll+2a83a6|C:\Windows\SYSTEM32\IEFRAME.dll+152634|C:\Windows\SYSTEM32\IEFRAME.dll+ccc61|C:\Windows\SYSTEM32\IEFRAME.dll+1526bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.746{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.746{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.746{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.746{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000012310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.741{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\iexplore.exe11.00.14393.2007 (rs1_release.171231-1800)Internet ExplorerInternet ExplorerMicrosoft CorporationIEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5044 CREDAT:82945 /prefetch:2C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=7D930D55986DF5C69CF1A9C2DE7E33B3,SHA256=BEBB0D2229700C6A62B7811985061DC75F6279AB0FF8747C47CCADB6CC2CC462,IMPHASH=E7542C041AAD637F8E6918BBE235A488{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 10341000x800000000000000012309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.730{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.715{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.480{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.480{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.465{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\IEFRAME.dll+cd905|C:\Windows\SYSTEM32\IEFRAME.dll+cd883|C:\Windows\SYSTEM32\IEFRAME.dll+cd7fd|C:\Windows\SYSTEM32\IEFRAME.dll+cd60e|C:\Windows\SYSTEM32\IEFRAME.dll+2a80d0|C:\Windows\SYSTEM32\IEFRAME.dll+152634|C:\Windows\SYSTEM32\IEFRAME.dll+ccc61|C:\Windows\SYSTEM32\IEFRAME.dll+1526bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.465{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.465{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.449{2CC55DE6-6BC6-5FB6-0000-001085470800}44204872C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13711|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000012301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.449{2CC55DE6-6BC6-5FB6-0000-001085470800}44204872C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13624|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000012300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.449{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13d1e|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+8635|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+853f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17343|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7 13241300x800000000000000012299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDBSetValue2020-11-19 13:14:56.433{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Internet Explorer\iexplore.exeBinary Data 12241200x800000000000000012298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDBDeleteValue2020-11-19 13:14:56.418{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Internet Explorer\iexplore.exe 10341000x800000000000000012297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.418{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041424C:\Windows\System32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.418{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041424C:\Windows\System32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.418{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.418{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.418{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.418{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.418{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.418{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926984C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+13755f|C:\Windows\System32\windows.storage.dll+1371d5|C:\Windows\System32\windows.storage.dll+136cc6|C:\Windows\System32\windows.storage.dll+138138|C:\Windows\System32\windows.storage.dll+136aee|C:\Windows\System32\windows.storage.dll+10a3b5|C:\Windows\System32\windows.storage.dll+10a734|C:\Windows\System32\windows.storage.dll+109d70|C:\Windows\System32\windows.storage.dll+1241fa|C:\Windows\System32\windows.storage.dll+123f5a|C:\Windows\System32\SHELL32.dll+77991|C:\Windows\System32\SHELL32.dll+767f6|C:\Windows\System32\SHELL32.dll+110821|C:\Windows\System32\SHELL32.dll+7888e|C:\Windows\System32\windows.storage.dll+12f9e|C:\Windows\System32\windows.storage.dll+131a1|C:\Windows\System32\windows.storage.dll+12ddf|C:\Windows\System32\SHELL32.dll+1108a7|C:\Windows\System32\SHELL32.dll+7888e|C:\Windows\System32\SHLWAPI.dll+e1d7 154100x800000000000000012289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.409{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe11.00.14393.2007 (rs1_release.171231-1800)Internet ExplorerInternet ExplorerMicrosoft CorporationIEXPLORE.EXE"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Administrator\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=DED3D744D46A5CE7965CE2B75B54958A,SHA256=70C9616C026266BB3A1213BCC50E3A9A24238703FB7745746628D11163905D2F,IMPHASH=9BB01C801600CEBDCA166D0534E98CE6{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x800000000000000012288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.074{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-001054691F00}6124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.058{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD0-5FB6-0000-001054691F00}6124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:56.058{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD0-5FB6-0000-001054691F00}6124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.933{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FD1-5FB6-0000-0010129E1F00}7056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.933{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.933{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.933{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.933{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.933{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-0010129E1F00}7056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.933{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FD1-5FB6-0000-0010129E1F00}7056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000012359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.934{2CC55DE6-6FD1-5FB6-0000-0010129E1F00}7056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000012358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.886{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD1-5FB6-0000-0010A59A1F00}1932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.886{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-0010A59A1F00}1932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.886{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD1-5FB6-0000-0010A59A1F00}1932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.824{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FA9-5FB6-0000-0010F5191E00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.824{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FA9-5FB6-0000-0010F5191E00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.824{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA9-5FB6-0000-0010F5191E00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:57.762{2CC55DE6-6FD1-5FB6-0000-00106F911F00}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\60c-0\System.Web.DynamicData.Design.dll2020-11-19 13:14:57.762 10341000x800000000000000012351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.683{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD1-5FB6-0000-00106F911F00}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.668{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-00106F911F00}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.668{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD1-5FB6-0000-00106F911F00}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.621{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD1-5FB6-0000-0010188D1F00}924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.605{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-0010188D1F00}924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.605{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD1-5FB6-0000-0010188D1F00}924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.543{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.543{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000012343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:57.543{2CC55DE6-6FD1-5FB6-0000-00100F831F00}1060C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\424-0\System.Web.DynamicData.dll2020-11-19 13:14:57.543 10341000x800000000000000012342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.261{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.261{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.261{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24923704C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.261{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24923704C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.261{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.261{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.152{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD1-5FB6-0000-00100F831F00}1060C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.152{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-00100F831F00}1060C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:57.152{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD1-5FB6-0000-00100F831F00}1060C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 11241100x800000000000000012333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:57.043{2CC55DE6-6FD0-5FB6-0000-001054691F00}6124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\17ec-0\System.Web.Extensions.dll2020-11-19 13:14:57.043 10341000x800000000000000012396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.840{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.824{2CC55DE6-6FD2-5FB6-0000-0010F6B31F00}68005540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.715{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD2-5FB6-0000-001084B71F00}5652C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.699{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-001084B71F00}5652C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.699{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD2-5FB6-0000-001084B71F00}5652C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FD2-5FB6-0000-0010F6B31F00}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-0010F6B31F00}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FD2-5FB6-0000-0010F6B31F00}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000012383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.668{2CC55DE6-6FD2-5FB6-0000-0010F6B31F00}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000012382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.652{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD2-5FB6-0000-001026B11F00}4428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.636{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-001026B11F00}4428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.636{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD2-5FB6-0000-001026B11F00}4428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.605{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.605{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.543{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD2-5FB6-0000-001041AB1F00}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.543{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-001041AB1F00}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.527{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD2-5FB6-0000-001041AB1F00}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:58.480{2CC55DE6-6FD2-5FB6-0000-001089A51F00}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12b8-0\System.Web.Entity.Design.dll2020-11-19 13:14:58.480 10341000x800000000000000012373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.277{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD2-5FB6-0000-001089A51F00}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.261{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-001089A51F00}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.261{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD2-5FB6-0000-001089A51F00}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.183{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD2-5FB6-0000-00102EA11F00}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.168{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-00102EA11F00}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:58.168{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD2-5FB6-0000-00102EA11F00}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:58.105{2CC55DE6-6FD1-5FB6-0000-0010A59A1F00}1932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\78c-0\System.Web.Entity.dll2020-11-19 13:14:58.105 10341000x800000000000000012414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.543{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32add|C:\Windows\SYSTEM32\IEFRAME.dll+b4e0b|C:\Windows\SYSTEM32\IEFRAME.dll+c6617|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8|C:\Windows\SYSTEM32\IEFRAME.dll+f7ab0|C:\Windows\SYSTEM32\IEFRAME.dll+2e821|C:\Windows\SYSTEM32\IEFRAME.dll+2a83a6|C:\Windows\SYSTEM32\IEFRAME.dll+152634|C:\Windows\SYSTEM32\IEFRAME.dll+ccc61 10341000x800000000000000012413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.543{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32add|C:\Windows\SYSTEM32\IEFRAME.dll+b4e0b|C:\Windows\SYSTEM32\IEFRAME.dll+c6617|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8|C:\Windows\SYSTEM32\IEFRAME.dll+f7ab0|C:\Windows\SYSTEM32\IEFRAME.dll+2e821|C:\Windows\SYSTEM32\IEFRAME.dll+2a83a6|C:\Windows\SYSTEM32\IEFRAME.dll+152634 10341000x800000000000000012412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.543{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32add|C:\Windows\SYSTEM32\IEFRAME.dll+b4e0b|C:\Windows\SYSTEM32\IEFRAME.dll+c6617|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8|C:\Windows\SYSTEM32\IEFRAME.dll+f7ab0|C:\Windows\SYSTEM32\IEFRAME.dll+2e821|C:\Windows\SYSTEM32\IEFRAME.dll+2a83a6|C:\Windows\SYSTEM32\IEFRAME.dll+152634|C:\Windows\SYSTEM32\IEFRAME.dll+ccc61 10341000x800000000000000012411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.340{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FD3-5FB6-0000-0010DAC61F00}6864C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.340{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.340{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.340{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.340{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.340{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD3-5FB6-0000-0010DAC61F00}6864C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.340{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FD3-5FB6-0000-0010DAC61F00}6864C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000012404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.340{2CC55DE6-6FD3-5FB6-0000-0010DAC61F00}6864C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000012403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.261{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD3-5FB6-0000-001011C31F00}7088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.246{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD3-5FB6-0000-001011C31F00}7088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.246{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD3-5FB6-0000-001011C31F00}7088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.199{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD3-5FB6-0000-0010E8BE1F00}2136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.183{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD3-5FB6-0000-0010E8BE1F00}2136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:14:59.183{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD3-5FB6-0000-0010E8BE1F00}2136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:14:59.121{2CC55DE6-6FD2-5FB6-0000-001084B71F00}5652C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1614-0\System.Web.Extensions.Design.dll2020-11-19 13:14:59.121 10341000x800000000000000012459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.840{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.840{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.824{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD4-5FB6-0000-001030EB1F00}4988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.809{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-001030EB1F00}4988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.809{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-001030EB1F00}4988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.746{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.746{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\System32\SHELL32.dll+efa37|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAACEA5)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\SYSTEM32\IEUI.dll+54ab|C:\Windows\SYSTEM32\IEFRAME.dll+b4a83|C:\Windows\SYSTEM32\IEFRAME.dll+c6617|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8 10341000x800000000000000012452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.746{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.746{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.715{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD4-5FB6-0000-00101EE51F00}1164C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.715{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-00101EE51F00}1164C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.715{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-00101EE51F00}1164C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.683{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24923704C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.683{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24923704C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.683{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\SHELL32.dll+efb85|C:\Windows\System32\SHELL32.dll+ef687|C:\Windows\System32\SHELL32.dll+ef5b8|C:\Windows\System32\SHELL32.dll+efd42|C:\Windows\SYSTEM32\IEFRAME.dll+11ea38|C:\Windows\SYSTEM32\IEFRAME.dll+b3202|C:\Windows\SYSTEM32\IEFRAME.dll+b564e|C:\Windows\SYSTEM32\IEFRAME.dll+b5ed4|C:\Windows\SYSTEM32\IEFRAME.dll+8331e|C:\Windows\SYSTEM32\IEFRAME.dll+ba051|C:\Windows\SYSTEM32\IEFRAME.dll+ac515|C:\Windows\SYSTEM32\IEFRAME.dll+ad049|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32add|C:\Windows\SYSTEM32\IEFRAME.dll+b4e0b|C:\Windows\SYSTEM32\IEFRAME.dll+c6617|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8 10341000x800000000000000012444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.683{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\SHELL32.dll+efb01|C:\Windows\System32\SHELL32.dll+ef687|C:\Windows\System32\SHELL32.dll+ef5b8|C:\Windows\System32\SHELL32.dll+efd42|C:\Windows\SYSTEM32\IEFRAME.dll+11ea38|C:\Windows\SYSTEM32\IEFRAME.dll+b3202|C:\Windows\SYSTEM32\IEFRAME.dll+b564e|C:\Windows\SYSTEM32\IEFRAME.dll+b5ed4|C:\Windows\SYSTEM32\IEFRAME.dll+8331e|C:\Windows\SYSTEM32\IEFRAME.dll+ba051|C:\Windows\SYSTEM32\IEFRAME.dll+ac515|C:\Windows\SYSTEM32\IEFRAME.dll+ad049|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32add|C:\Windows\SYSTEM32\IEFRAME.dll+b4e0b|C:\Windows\SYSTEM32\IEFRAME.dll+c6617|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8 10341000x800000000000000012443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.683{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\SHELL32.dll+efae5|C:\Windows\System32\SHELL32.dll+ef687|C:\Windows\System32\SHELL32.dll+ef5b8|C:\Windows\System32\SHELL32.dll+efd42|C:\Windows\SYSTEM32\IEFRAME.dll+11ea38|C:\Windows\SYSTEM32\IEFRAME.dll+b3202|C:\Windows\SYSTEM32\IEFRAME.dll+b564e|C:\Windows\SYSTEM32\IEFRAME.dll+b5ed4|C:\Windows\SYSTEM32\IEFRAME.dll+8331e|C:\Windows\SYSTEM32\IEFRAME.dll+ba051|C:\Windows\SYSTEM32\IEFRAME.dll+ac515|C:\Windows\SYSTEM32\IEFRAME.dll+ad049|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.683{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\SHELL32.dll+efae5|C:\Windows\System32\SHELL32.dll+ef687|C:\Windows\System32\SHELL32.dll+ef5b8|C:\Windows\System32\SHELL32.dll+efd42|C:\Windows\SYSTEM32\IEFRAME.dll+11ea38|C:\Windows\SYSTEM32\IEFRAME.dll+b3202|C:\Windows\SYSTEM32\IEFRAME.dll+b564e|C:\Windows\SYSTEM32\IEFRAME.dll+b5ed4|C:\Windows\SYSTEM32\IEFRAME.dll+8331e|C:\Windows\SYSTEM32\IEFRAME.dll+ba051|C:\Windows\SYSTEM32\IEFRAME.dll+ac515|C:\Windows\SYSTEM32\IEFRAME.dll+ad049|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32add 10341000x800000000000000012441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.668{2CC55DE6-6FD4-5FB6-0000-001030D81F00}10525312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000012440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:00.652{2CC55DE6-6FD4-5FB6-0000-0010D0DE1F00}948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3b4-0\System.Web.Routing.dll2020-11-19 13:15:00.652 10341000x800000000000000012439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.652{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.652{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD4-5FB6-0000-0010D0DE1F00}948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.621{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-0010D0DE1F00}948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.621{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-0010D0DE1F00}948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.558{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD4-5FB6-0000-0010E1D91F00}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.543{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-0010E1D91F00}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.543{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-0010E1D91F00}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.511{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FD4-5FB6-0000-001030D81F00}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.511{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-001030D81F00}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.511{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FD4-5FB6-0000-001030D81F00}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000012424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.512{2CC55DE6-6FD4-5FB6-0000-001030D81F00}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000012423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:00.480{2CC55DE6-6FD4-5FB6-0000-00103AD41F00}6152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1808-0\System.Web.RegularExpressions.dll2020-11-19 13:15:00.480 10341000x800000000000000012422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.371{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD4-5FB6-0000-00103AD41F00}6152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.355{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-00103AD41F00}6152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.355{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-00103AD41F00}6152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.324{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD4-5FB6-0000-0010F0D01F00}3184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.308{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-0010F0D01F00}3184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.308{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-0010F0D01F00}3184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:00.261{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000012415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:00.183{2CC55DE6-6FD3-5FB6-0000-001011C31F00}7088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1bb0-0\System.Web.Mobile.dll2020-11-19 13:15:00.183 11241100x800000000000000012478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:01.918{2CC55DE6-6FD4-5FB6-0000-001030EB1F00}4988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\137c-0\System.Windows.Controls.Ribbon.dll2020-11-19 13:15:01.918 10341000x800000000000000012477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.886{2CC55DE6-6FD5-5FB6-0000-001096F21F00}70324104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.636{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FD5-5FB6-0000-001096F21F00}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.636{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD5-5FB6-0000-001096F21F00}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.636{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FD5-5FB6-0000-001096F21F00}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000012469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.637{2CC55DE6-6FD5-5FB6-0000-001096F21F00}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000012468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.449{2CC55DE6-6FD5-5FB6-0000-0010C1F01F00}42322864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.137{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FD5-5FB6-0000-0010C1F01F00}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.137{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.137{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.137{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.137{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.137{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD5-5FB6-0000-0010C1F01F00}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.137{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FD5-5FB6-0000-0010C1F01F00}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000012460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:01.140{2CC55DE6-6FD5-5FB6-0000-0010C1F01F00}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000012484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:02.121{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD6-5FB6-0000-0010A72C2000}3980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:02.105{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6F9E-5FB6-0000-001042C91D00}3980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:02.105{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6F9E-5FB6-0000-001042C91D00}3980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:02.028{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD6-5FB6-0000-0010EE282000}6932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:02.011{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD6-5FB6-0000-0010EE282000}6932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:02.011{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD6-5FB6-0000-0010EE282000}6932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.824{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7227|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+1dde9|C:\Windows\SYSTEM32\IEFRAME.dll+1de5b|C:\Windows\SYSTEM32\IEFRAME.dll+25cc1|C:\Windows\SYSTEM32\IEFRAME.dll+264e5|C:\Windows\SYSTEM32\IEFRAME.dll+d4456|C:\Windows\SYSTEM32\IEFRAME.dll+d3e2f|C:\Windows\SYSTEM32\IEFRAME.dll+d3d31|C:\Windows\SYSTEM32\IEFRAME.dll+d3b54|C:\Windows\SYSTEM32\IEFRAME.dll+d3ab1|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.824{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7192|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+1dde9|C:\Windows\SYSTEM32\IEFRAME.dll+1de5b|C:\Windows\SYSTEM32\IEFRAME.dll+25cc1|C:\Windows\SYSTEM32\IEFRAME.dll+264e5|C:\Windows\SYSTEM32\IEFRAME.dll+d4456|C:\Windows\SYSTEM32\IEFRAME.dll+d3e2f|C:\Windows\SYSTEM32\IEFRAME.dll+d3d31|C:\Windows\SYSTEM32\IEFRAME.dll+d3b54|C:\Windows\SYSTEM32\IEFRAME.dll+d3ab1|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.824{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+1dde9|C:\Windows\SYSTEM32\IEFRAME.dll+1de5b|C:\Windows\SYSTEM32\IEFRAME.dll+25cc1|C:\Windows\SYSTEM32\IEFRAME.dll+264e5|C:\Windows\SYSTEM32\IEFRAME.dll+d4456|C:\Windows\SYSTEM32\IEFRAME.dll+d3e2f|C:\Windows\SYSTEM32\IEFRAME.dll+d3d31|C:\Windows\SYSTEM32\IEFRAME.dll+d3b54|C:\Windows\SYSTEM32\IEFRAME.dll+d3ab1|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09 10341000x800000000000000012497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.824{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+1dde9|C:\Windows\SYSTEM32\IEFRAME.dll+1de5b|C:\Windows\SYSTEM32\IEFRAME.dll+25cc1|C:\Windows\SYSTEM32\IEFRAME.dll+264e5|C:\Windows\SYSTEM32\IEFRAME.dll+d4456|C:\Windows\SYSTEM32\IEFRAME.dll+d3e2f|C:\Windows\SYSTEM32\IEFRAME.dll+d3d31|C:\Windows\SYSTEM32\IEFRAME.dll+d3b54|C:\Windows\SYSTEM32\IEFRAME.dll+d3ab1|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a 10341000x800000000000000012496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.824{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7227|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+1dde9|C:\Windows\SYSTEM32\IEFRAME.dll+1de5b|C:\Windows\SYSTEM32\IEFRAME.dll+25cc1|C:\Windows\SYSTEM32\IEFRAME.dll+264e5|C:\Windows\SYSTEM32\IEFRAME.dll+d4456|C:\Windows\SYSTEM32\IEFRAME.dll+d3e2f|C:\Windows\SYSTEM32\IEFRAME.dll+d3d31|C:\Windows\SYSTEM32\IEFRAME.dll+d3b54|C:\Windows\SYSTEM32\IEFRAME.dll+d3ab1|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.824{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7192|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+1dde9|C:\Windows\SYSTEM32\IEFRAME.dll+1de5b|C:\Windows\SYSTEM32\IEFRAME.dll+25cc1|C:\Windows\SYSTEM32\IEFRAME.dll+264e5|C:\Windows\SYSTEM32\IEFRAME.dll+d4456|C:\Windows\SYSTEM32\IEFRAME.dll+d3e2f|C:\Windows\SYSTEM32\IEFRAME.dll+d3d31|C:\Windows\SYSTEM32\IEFRAME.dll+d3b54|C:\Windows\SYSTEM32\IEFRAME.dll+d3ab1|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.824{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+1dde9|C:\Windows\SYSTEM32\IEFRAME.dll+1de5b|C:\Windows\SYSTEM32\IEFRAME.dll+25cc1|C:\Windows\SYSTEM32\IEFRAME.dll+264e5|C:\Windows\SYSTEM32\IEFRAME.dll+d4456|C:\Windows\SYSTEM32\IEFRAME.dll+d3e2f|C:\Windows\SYSTEM32\IEFRAME.dll+d3d31|C:\Windows\SYSTEM32\IEFRAME.dll+d3b54|C:\Windows\SYSTEM32\IEFRAME.dll+d3ab1|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09 10341000x800000000000000012493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.824{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446236C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ed2b|C:\Windows\System32\shcore.dll+2ec8f|C:\Windows\SYSTEM32\IEFRAME.dll+1dde9|C:\Windows\SYSTEM32\IEFRAME.dll+1de5b|C:\Windows\SYSTEM32\IEFRAME.dll+25cc1|C:\Windows\SYSTEM32\IEFRAME.dll+264e5|C:\Windows\SYSTEM32\IEFRAME.dll+d4456|C:\Windows\SYSTEM32\IEFRAME.dll+d3e2f|C:\Windows\SYSTEM32\IEFRAME.dll+d3d31|C:\Windows\SYSTEM32\IEFRAME.dll+d3b54|C:\Windows\SYSTEM32\IEFRAME.dll+d3ab1|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a 10341000x800000000000000012492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.011{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FD7-5FB6-0000-001095302000}812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.011{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.011{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.011{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.011{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.011{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD7-5FB6-0000-001095302000}812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.011{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FD7-5FB6-0000-001095302000}812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000012485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:03.013{2CC55DE6-6FD7-5FB6-0000-001095302000}812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000012522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:04.980{2CC55DE6-6FD8-5FB6-0000-0010B74A2000}6628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\19e4-0\System.Windows.Presentation.dll2020-11-19 13:15:04.980 10341000x800000000000000012521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.902{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD8-5FB6-0000-0010B74A2000}6628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.886{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-0010B74A2000}6628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.886{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-0010B74A2000}6628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.839{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD8-5FB6-0000-0010A8462000}3952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.839{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-0010A8462000}3952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.839{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-0010A8462000}3952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:04.777{2CC55DE6-6FD8-5FB6-0000-001009432000}224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e0-0\System.Windows.Input.Manipulations.dll2020-11-19 13:15:04.777 10341000x800000000000000012514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.683{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD8-5FB6-0000-001009432000}224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.668{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-001009432000}224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.668{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-001009432000}224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD8-5FB6-0000-0010B33F2000}2672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.636{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-0010B33F2000}2672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.636{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-0010B33F2000}2672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:04.574{2CC55DE6-6FD8-5FB6-0000-0010643B2000}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\7e4-0\System.Windows.Forms.DataVisualization.Design.dll2020-11-19 13:15:04.574 10341000x800000000000000012507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.418{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD8-5FB6-0000-0010643B2000}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.418{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-0010643B2000}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.418{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-0010643B2000}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.355{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD8-5FB6-0000-00107E372000}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.355{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-00107E372000}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:04.355{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-00107E372000}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:04.183{2CC55DE6-6FD6-5FB6-0000-0010A72C2000}3980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\f8c-0\System.Windows.Forms.DataVisualization.dll2020-11-19 13:15:04.183 10341000x800000000000000012528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:05.136{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD9-5FB6-0000-00104E542000}4192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:05.136{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD9-5FB6-0000-00104E542000}4192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:05.136{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD9-5FB6-0000-00104E542000}4192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:05.043{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD9-5FB6-0000-0010E54F2000}7132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:05.043{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD9-5FB6-0000-0010E54F2000}7132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:05.043{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD9-5FB6-0000-0010E54F2000}7132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:06.605{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDA-5FB6-0000-00109F652000}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:06.589{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FDA-5FB6-0000-00109F652000}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:06.589{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDA-5FB6-0000-00109F652000}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:06.543{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDA-5FB6-0000-001069612000}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:06.527{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FDA-5FB6-0000-001069612000}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:06.527{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDA-5FB6-0000-001069612000}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:06.402{2CC55DE6-6FD9-5FB6-0000-00104E542000}4192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1060-0\System.Workflow.Activities.dll2020-11-19 13:15:06.402 10341000x800000000000000012538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:07.683{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:07.683{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:07.683{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.980{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.980{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.980{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.980{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.980{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.980{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.964{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.964{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.964{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.949{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.949{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.949{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.949{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.949{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.949{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.933{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.933{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.933{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.918{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.918{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.918{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.918{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.918{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.918{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.902{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.902{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.902{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.902{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.902{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.902{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.886{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.886{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.886{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.886{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.886{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.886{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.777{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDC-5FB6-0000-0010EA722000}3440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.761{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.761{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.761{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.761{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FDC-5FB6-0000-0010EA722000}3440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.761{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDC-5FB6-0000-0010EA722000}3440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.761{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.761{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.761{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.746{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.746{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.746{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.730{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.730{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.730{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.714{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.714{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.714{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.699{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.699{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.699{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.699{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDC-5FB6-0000-0010516D2000}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.699{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.699{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.699{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.683{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FA3-5FB6-0000-001025FA1D00}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.683{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA3-5FB6-0000-001025FA1D00}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.683{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.683{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.683{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 11241100x800000000000000012539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:08.574{2CC55DE6-6FDA-5FB6-0000-00109F652000}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e10-0\System.Workflow.ComponentModel.dll2020-11-19 13:15:08.574 11241100x800000000000000012696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:09.964{2CC55DE6-6FDC-5FB6-0000-0010EA722000}3440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d70-0\System.Workflow.Runtime.dll2020-11-19 13:15:09.964 10341000x800000000000000012695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.371{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.371{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.371{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.355{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.355{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.355{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.355{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.355{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.355{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.339{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.339{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.339{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.324{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.324{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.324{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.324{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.324{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.324{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.308{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.308{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.308{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.293{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.293{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.293{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.293{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.293{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.293{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.261{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.261{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.261{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.261{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.261{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.261{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.246{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.246{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.246{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.183{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.183{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.183{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.168{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.168{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.168{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.152{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.152{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.152{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.136{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.136{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.136{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.136{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.136{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.136{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.121{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.121{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.121{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.121{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.121{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.121{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.089{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.089{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.089{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.089{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.089{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.089{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.074{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.074{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.074{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.074{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.074{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.074{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.058{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.058{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.058{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.043{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.043{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.043{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.043{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.043{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.043{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.027{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.027{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.027{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.027{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.027{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.027{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.011{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.011{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:09.011{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.996{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.996{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB) 10341000x800000000000000012606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:08.996{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+ab89a|C:\Windows\SYSTEM32\IEFRAME.dll+acd59|C:\Windows\SYSTEM32\IEFRAME.dll+ae592|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA) 10341000x800000000000000012708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.980{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FDE-5FB6-0000-001077952000}1924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.980{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDE-5FB6-0000-001077952000}1924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.964{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.964{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000012704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:10.902{2CC55DE6-6FDE-5FB6-0000-0010758B2000}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\16b8-0\System.WorkflowServices.dll2020-11-19 13:15:10.902 10341000x800000000000000012703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.152{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDE-5FB6-0000-0010758B2000}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.136{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FC0-5FB6-0000-0010E8C01E00}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.136{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC0-5FB6-0000-0010E8C01E00}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.058{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FA9-5FB6-0000-00104E131E00}3368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.058{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FA9-5FB6-0000-00104E131E00}3368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.058{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FA9-5FB6-0000-00104E131E00}3368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.027{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.730{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDF-5FB6-0000-0010F8B12000}5184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.730{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-0010F8B12000}5184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.730{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-0010F8B12000}5184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.652{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDF-5FB6-0000-001025AE2000}6644C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.652{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-001025AE2000}6644C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.652{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-001025AE2000}6644C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:11.589{2CC55DE6-6FDF-5FB6-0000-00103DAA2000}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\19dc-0\UIAutomationClient.dll2020-11-19 13:15:11.589 10341000x800000000000000012726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.386{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDF-5FB6-0000-00103DAA2000}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.371{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-001041AB1F00}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.371{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD2-5FB6-0000-001041AB1F00}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.324{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDF-5FB6-0000-001054A62000}6036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.324{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-001054A62000}6036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.324{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-001054A62000}6036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:11.261{2CC55DE6-6FDF-5FB6-0000-001013A32000}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1884-0\System.Xml.Serialization.dll2020-11-19 13:15:11.261 10341000x800000000000000012719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.246{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDF-5FB6-0000-001013A32000}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.230{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FAA-5FB6-0000-0010D4241E00}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.230{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAA-5FB6-0000-0010D4241E00}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.183{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDF-5FB6-0000-00106E9F2000}6048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.183{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-00106E9F2000}6048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.183{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-00106E9F2000}6048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:11.121{2CC55DE6-6FDF-5FB6-0000-0010029A2000}5300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\14b4-0\System.Xaml.Hosting.dll2020-11-19 13:15:11.121 10341000x800000000000000012712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.043{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDF-5FB6-0000-0010029A2000}5300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.043{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-0010029A2000}5300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:11.043{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-0010029A2000}5300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:10.996{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDE-5FB6-0000-001077952000}1924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.917{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE0-5FB6-0000-0010E7C92000}6152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.902{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-00103AD41F00}6152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.902{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-00103AD41F00}6152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.855{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE0-5FB6-0000-0010D7C52000}3840C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.839{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE0-5FB6-0000-0010D7C52000}3840C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.839{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE0-5FB6-0000-0010D7C52000}3840C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:12.777{2CC55DE6-6FE0-5FB6-0000-0010DEC12000}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1480-0\UIAutomationTypes.dll2020-11-19 13:15:12.777 10341000x800000000000000012747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.589{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FAD-5FB6-0000-0010BA491E00}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.589{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAD-5FB6-0000-0010BA491E00}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.589{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAD-5FB6-0000-0010BA491E00}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.543{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FC3-5FB6-0000-00106EF11E00}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.543{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FC3-5FB6-0000-00106EF11E00}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.543{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC3-5FB6-0000-00106EF11E00}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:12.480{2CC55DE6-6FE0-5FB6-0000-00103CBA2000}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\15e0-0\UIAutomationProvider.dll2020-11-19 13:15:12.480 10341000x800000000000000012740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.417{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE0-5FB6-0000-00103CBA2000}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.402{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE0-5FB6-0000-00103CBA2000}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.402{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE0-5FB6-0000-00103CBA2000}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.371{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FAB-5FB6-0000-0010753A1E00}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.371{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FAB-5FB6-0000-0010753A1E00}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:12.371{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAB-5FB6-0000-0010753A1E00}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:12.168{2CC55DE6-6FDF-5FB6-0000-0010F8B12000}5184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1440-0\UIAutomationClientsideProviders.dll2020-11-19 13:15:12.168 10341000x800000000000000012778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.902{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-0010B9ED2000}2200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.886{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}2200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.886{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}2200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.871{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{00000000-0000-0000-0000-000000000000}7080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.871{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}7080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.871{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}7080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 11241100x800000000000000012772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:13.792{2CC55DE6-6FE1-5FB6-0000-0010F1DF2000}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1088-0\XsdBuildTask.dll2020-11-19 13:15:13.792 10341000x800000000000000012771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.699{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-0010F1DF2000}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.683{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD5-5FB6-0000-0010C1F01F00}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.683{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD5-5FB6-0000-0010C1F01F00}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-001016DC2000}824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.621{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE1-5FB6-0000-001016DC2000}824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.621{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE1-5FB6-0000-001016DC2000}824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:13.574{2CC55DE6-6FE1-5FB6-0000-0010F1D62000}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11a8-0\XamlBuildTask.dll2020-11-19 13:15:13.574 10341000x800000000000000012764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.292{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FC5-5FB6-0000-0010FC141F00}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.292{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FC5-5FB6-0000-0010FC141F00}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.292{2CC55DE6-6E1F-5FB6-0000-001095431100}15924052C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC5-5FB6-0000-0010FC141F00}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000012761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.246{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-001010D32000}2584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.230{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE1-5FB6-0000-001010D32000}2584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.230{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE1-5FB6-0000-001010D32000}2584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x800000000000000012758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.199{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-001099CF2000}1108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.183{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE1-5FB6-0000-001099CF2000}1108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.183{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE1-5FB6-0000-001099CF2000}1108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x800000000000000012755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:15:13.121{2CC55DE6-6FE0-5FB6-0000-0010E7C92000}6152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1808-0\WindowsFormsIntegration.dll2020-11-19 13:15:13.121 10341000x800000000000000012898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.980{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010425E2100}5052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.980{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010425E2100}5052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.980{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010425E2100}5052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.964{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010525B2100}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.949{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010525B2100}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.949{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010525B2100}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.933{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001090582100}5692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.917{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001090582100}5692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.917{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001090582100}5692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.902{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE0-5FB6-0000-00103CBA2000}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.902{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE0-5FB6-0000-00103CBA2000}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.902{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE0-5FB6-0000-00103CBA2000}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.886{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001016532100}5140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.871{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001016532100}5140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.871{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001016532100}5140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.855{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001035502100}6316C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.839{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001035502100}6316C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.839{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001035502100}6316C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.824{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-00106C4D2100}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.824{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-00106C4D2100}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.824{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-00106C4D2100}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.808{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010874A2100}5352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.792{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010874A2100}5352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.792{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010874A2100}5352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.777{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010D0472100}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.761{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-00103DAA2000}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.761{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-00103DAA2000}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.746{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001008452100}612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.746{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001008452100}612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.746{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001008452100}612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.730{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001052422100}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.714{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-001089A51F00}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.714{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD2-5FB6-0000-001089A51F00}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.699{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010903F2100}5476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.683{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FC0-5FB6-0000-00104CD01E00}5476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.683{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC0-5FB6-0000-00104CD01E00}5476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.667{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD1-5FB6-0000-0010129E1F00}7056C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.667{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-0010129E1F00}7056C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.667{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD1-5FB6-0000-0010129E1F00}7056C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.652{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010053A2100}4092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.636{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010053A2100}4092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.636{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010053A2100}4092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.621{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001043372100}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.605{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001043372100}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.605{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001043372100}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.605{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001080342100}1632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.589{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001080342100}1632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.589{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001080342100}1632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.574{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-00109F312100}2044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.558{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-00109F312100}2044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.558{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-00109F312100}2044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.542{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD1-5FB6-0000-00106F911F00}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.542{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-00106F911F00}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.542{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD1-5FB6-0000-00106F911F00}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.527{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010272C2100}6480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.511{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010272C2100}6480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.511{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010272C2100}6480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.496{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-00105C292100}3304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.480{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-00105C292100}3304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.480{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-00105C292100}3304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.464{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001093262100}5792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.464{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001093262100}5792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.464{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001093262100}5792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.449{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010DD232100}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.433{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-0010689F1E00}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.433{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-0010689F1E00}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.417{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001019212100}4220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.402{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001019212100}4220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.402{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001019212100}4220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.386{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010301E2100}3136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.386{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010301E2100}3136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.386{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010301E2100}3136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.371{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010761B2100}5460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.355{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-001037981E00}5460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.355{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-001037981E00}5460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.339{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001095182100}4192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.324{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD9-5FB6-0000-00104E542000}4192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.324{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD9-5FB6-0000-00104E542000}4192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.277{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010C1152100}6452C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.261{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010C1152100}6452C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.261{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010C1152100}6452C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.246{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010FF122100}6688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.230{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010FF122100}6688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.230{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010FF122100}6688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.214{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001037102100}7128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.214{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001037102100}7128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.214{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001037102100}7128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.199{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010750D2100}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.183{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010750D2100}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.183{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010750D2100}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.167{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010B30A2100}6516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.152{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010B30A2100}6516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.152{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010B30A2100}6516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.136{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010FE072100}4496C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.136{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010FE072100}4496C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.136{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010FE072100}4496C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.121{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001086052100}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.105{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FCD-5FB6-0000-0010D0461F00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.105{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FCD-5FB6-0000-0010D0461F00}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.089{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010FC022100}6356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.089{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010FC022100}6356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.089{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010FC022100}6356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.074{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010F1FF2000}6612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.058{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010F1FF2000}6612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.058{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010F1FF2000}6612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.042{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010BFFC2000}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.027{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-00107E372000}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.027{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-00107E372000}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.011{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{00000000-0000-0000-0000-000000000000}6648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.011{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}6648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.011{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}6648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.996{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-00103EF72000}3864C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.980{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}3864C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.980{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}3864C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.964{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-001028F42000}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.949{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD7-5FB6-0000-001095302000}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.949{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD7-5FB6-0000-001095302000}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.933{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-0010FBF02000}7032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.917{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD5-5FB6-0000-001096F21F00}7032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:13.917{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD5-5FB6-0000-001096F21F00}7032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.980{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-00100AC92100}6048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.964{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-00106E9F2000}6048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.964{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-00106E9F2000}6048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.949{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001061C62100}5300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.933{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-0010029A2000}5300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.933{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-0010029A2000}5300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.917{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001043372100}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.917{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001043372100}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.917{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001043372100}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.902{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001004C12100}1632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.886{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001080342100}1632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.886{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001080342100}1632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.871{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001063BE2100}2044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.871{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-001063BE2100}2044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.871{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-001063BE2100}2044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.855{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010ADBB2100}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.839{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010E92E2100}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.839{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010E92E2100}1548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.824{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010F7B82100}6480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.808{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010272C2100}6480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.808{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010272C2100}6480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.792{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-00105C292100}3304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.792{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-00105C292100}3304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.792{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-00105C292100}3304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.777{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001072B32100}1100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.761{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-001072B32100}1100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.761{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-001072B32100}1100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.746{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010BCB02100}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.730{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FDC-5FB6-0000-0010516D2000}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.730{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDC-5FB6-0000-0010516D2000}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.714{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010FAAD2100}7028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.699{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010FAAD2100}7028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.699{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010FAAD2100}7028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.683{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDA-5FB6-0000-00109F652000}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.683{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FDA-5FB6-0000-00109F652000}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.683{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDA-5FB6-0000-00109F652000}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.667{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001080A82100}4984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.652{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FBE-5FB6-0000-0010A19B1E00}4984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.652{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBE-5FB6-0000-0010A19B1E00}4984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010D3A52100}6836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.621{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010D3A52100}6836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.621{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010D3A52100}6836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.605{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010C1152100}6452C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.605{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010C1152100}6452C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.605{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010C1152100}6452C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.589{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001050A02100}6688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.574{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010FF122100}6688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.574{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010FF122100}6688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.558{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-00109A9D2100}7128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.542{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001037102100}7128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.542{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001037102100}7128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.527{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010750D2100}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.527{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010750D2100}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.527{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010750D2100}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001043982100}6516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.496{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010B30A2100}6516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.496{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010B30A2100}6516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.480{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-0010FE072100}4496C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.480{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010FE072100}4496C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.480{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010FE072100}4496C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.464{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010D7922100}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.449{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001086052100}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.449{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001086052100}3140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.433{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001035902100}6356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.417{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010FC022100}6356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.417{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010FC022100}6356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.402{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010828D2100}5508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.402{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010828D2100}5508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.402{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010828D2100}5508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.386{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010518A2100}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.371{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010BFFC2000}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.371{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010BFFC2000}3336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.355{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-00106C872100}4384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.339{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-00106C872100}4384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.339{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-00106C872100}4384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.324{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010A4842100}2932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.324{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010A4842100}2932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.324{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010A4842100}2932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.308{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010E0812100}5268C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.292{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010E0812100}5268C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.292{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010E0812100}5268C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.277{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-00100E7F2100}1596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.261{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-00100E7F2100}1596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.261{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-00100E7F2100}1596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.246{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FAE-5FB6-0000-0010A5741E00}6912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.246{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-0010A5741E00}6912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.246{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-0010A5741E00}6912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.230{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001082792100}5748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.214{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-001082792100}5748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.214{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-001082792100}5748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.199{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-00108B762100}4772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.183{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-00108B762100}4772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.183{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-00108B762100}4772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.167{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE1-5FB6-0000-001016DC2000}824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.167{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.167{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.167{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.167{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE1-5FB6-0000-001016DC2000}824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.167{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE1-5FB6-0000-001016DC2000}824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.152{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001067702100}3040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.152{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.152{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.136{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\system32\wininetlui.dll+1cf4(wow64)|C:\Windows\system32\wininetlui.dll+1a52(wow64)|C:\Windows\SYSTEM32\WININET.dll+2f6011(wow64)|C:\Windows\SYSTEM32\WININET.dll+2f6c20(wow64)|C:\Windows\SYSTEM32\urlmon.dll+eb4d3(wow64)|C:\Windows\SYSTEM32\urlmon.dll+eb239(wow64)|C:\Windows\SYSTEM32\urlmon.dll+381a1(wow64) 10341000x800000000000000012915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.136{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-001067702100}3040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.136{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-001067702100}3040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.121{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010946D2100}1152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.105{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010946D2100}1152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.105{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010946D2100}1152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.089{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD4-5FB6-0000-001030D81F00}1052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.089{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-001030D81F00}1052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.089{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-001030D81F00}1052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.074{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001087672100}2676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.058{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-001087672100}2676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.058{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-001087672100}2676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.042{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010F7632100}6940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.027{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010F7632100}6940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.027{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010F7632100}6940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000012901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.011{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-00100B612100}5340C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.011{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-00100B612100}5340C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000012899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.011{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-00100B612100}5340C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.980{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00100C332200}1936C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.964{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FBF-5FB6-0000-001019A61E00}1936C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.964{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FBF-5FB6-0000-001019A61E00}1936C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.949{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00105B302200}5272C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.933{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-00105B302200}5272C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.933{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-00105B302200}5272C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.933{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.933{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.933{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.917{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010042D2200}3712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.917{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.917{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.917{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010042D2200}3712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.917{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010042D2200}3712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.902{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010452A2200}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.886{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FCF-5FB6-0000-0010995A1F00}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.886{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FCF-5FB6-0000-0010995A1F00}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.871{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001083272200}6312C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.855{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001083272200}6312C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.855{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-001083272200}6312C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.824{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010CB242200}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.808{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010CB242200}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.808{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010CB242200}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.792{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00101E222200}4628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.777{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-00101E222200}4628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.777{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-00101E222200}4628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.761{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00105D1F2200}7144C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.761{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-00105D1F2200}7144C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.761{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-00105D1F2200}7144C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.746{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010AB1C2200}4028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.730{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010AB1C2200}4028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.730{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010AB1C2200}4028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.714{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010F3192200}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.699{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FCD-5FB6-0000-0010504A1F00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.699{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FCD-5FB6-0000-0010504A1F00}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.683{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001040172200}5548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.683{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001040172200}5548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.683{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-001040172200}5548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.667{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00108A142200}2672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.652{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-0010B33F2000}2672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.652{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-0010B33F2000}2672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010C8112200}6956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.621{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010C8112200}6956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.621{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010C8112200}6956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.605{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010D60E2200}3552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.605{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010D60E2200}3552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.605{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010D60E2200}3552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.589{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010100C2200}6792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.574{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010100C2200}6792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.574{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010100C2200}6792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.558{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001042092200}4672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.558{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001042092200}4672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.558{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-001042092200}4672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.542{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001086062200}6244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.527{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FC6-5FB6-0000-0010752E1F00}6244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.527{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC6-5FB6-0000-0010752E1F00}6244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010C0032200}3676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.496{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010C0032200}3676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.496{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010C0032200}3676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.480{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001071002200}6348C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.480{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001071002200}6348C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.480{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-001071002200}6348C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.464{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010A9FD2100}4956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.449{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010A9FD2100}4956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.449{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010A9FD2100}4956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.433{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00108AFA2100}136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.417{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-00108AFA2100}136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.417{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-00108AFA2100}136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.402{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010C7F72100}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.402{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010C7F72100}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.402{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010C7F72100}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.386{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010DFF42100}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.371{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FAE-5FB6-0000-00105C5E1E00}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.371{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAE-5FB6-0000-00105C5E1E00}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.355{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001008F22100}1200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.339{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001008F22100}1200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.339{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-001008F22100}1200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.324{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001036EF2100}4448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.324{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001036EF2100}4448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.324{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-001036EF2100}4448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.308{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00105EEC2100}1368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.292{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-00105EEC2100}1368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.292{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-00105EEC2100}1368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.277{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001084E92100}1156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.261{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001084E92100}1156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.261{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-001084E92100}1156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.246{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD4-5FB6-0000-0010E1D91F00}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.246{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-0010E1D91F00}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.246{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-0010E1D91F00}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.230{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001016E42100}6436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.214{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001016E42100}6436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.214{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-001016E42100}6436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.199{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00106FE12100}4276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.199{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-00106FE12100}4276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.183{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-00106FE12100}4276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.183{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010BFDE2100}2580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.167{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010BFDE2100}2580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.167{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010BFDE2100}2580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.152{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010E8DB2100}6352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.136{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010E8DB2100}6352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.136{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010E8DB2100}6352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.121{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE0-5FB6-0000-0010C3B62000}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.121{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE0-5FB6-0000-0010C3B62000}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.121{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE0-5FB6-0000-0010C3B62000}5112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.105{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00108AD62100}5412C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.089{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-00108AD62100}5412C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.089{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-00108AD62100}5412C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.074{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-0010D2D32100}6476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.058{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010D2D32100}6476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.058{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-0010D2D32100}6476C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.042{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE2-5FB6-0000-001008452100}612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.042{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001008452100}612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.042{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001008452100}612C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.027{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-001080CE2100}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.011{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-001052422100}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.011{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-001052422100}4792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.996{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010B4CB2100}5220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.996{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010B4CB2100}5220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:15.996{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010B4CB2100}5220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.980{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00103BAC2200}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.980{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00103BAC2200}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.980{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00103BAC2200}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.964{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010A5A92200}2944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.949{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010A5A92200}2944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.949{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010A5A92200}2944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.933{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010E1A62200}184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.917{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010E1A62200}184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.917{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010E1A62200}184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.902{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD8-5FB6-0000-0010643B2000}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.902{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD8-5FB6-0000-0010643B2000}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.902{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD8-5FB6-0000-0010643B2000}2020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.886{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010AAA12200}6336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.871{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010AAA12200}6336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.871{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010AAA12200}6336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.855{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010B89E2200}2172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.855{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010B89E2200}2172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.839{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010B89E2200}2172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.839{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010189C2200}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.824{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010189C2200}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.824{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010189C2200}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.808{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00100F992200}1396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.792{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00100F992200}1396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.792{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00100F992200}1396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.777{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00105B962200}2732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.761{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00105B962200}2732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.761{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00105B962200}2732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.746{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-001052932200}5504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.746{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-001052932200}5504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.746{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-001052932200}5504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.730{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010B3902200}3664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.714{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010B3902200}3664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.714{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010B3902200}3664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.699{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010C78D2200}6204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.683{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010C78D2200}6204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.683{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010C78D2200}6204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.667{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010218B2200}2228C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.667{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010218B2200}2228C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.667{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010218B2200}2228C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.652{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-001062882200}6240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.652{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.636{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-001062882200}6240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.636{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-001062882200}6240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.621{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.621{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.621{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-001081842200}1572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.621{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 10341000x800000000000000013217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.621{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-001081842200}1572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.621{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-001081842200}1572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.605{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00107E812200}4392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.589{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00107E812200}4392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.589{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00107E812200}4392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.574{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010E57E2200}948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.558{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD4-5FB6-0000-0010D0DE1F00}948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.558{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD4-5FB6-0000-0010D0DE1F00}948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.558{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00104D7C2200}7096C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.542{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00104D7C2200}7096C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.542{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00104D7C2200}7096C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.527{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-001080792200}2320C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.511{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-001080792200}2320C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.511{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-001080792200}2320C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.496{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00106C752200}6616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.496{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00106C752200}6616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.496{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00106C752200}6616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.480{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010B4722200}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.464{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE0-5FB6-0000-0010FBBD2000}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.464{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE0-5FB6-0000-0010FBBD2000}3364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.449{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FC3-5FB6-0000-001035FC1E00}2052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.449{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FC3-5FB6-0000-001035FC1E00}2052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.449{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC3-5FB6-0000-001035FC1E00}2052C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.433{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.433{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.433{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010D76B2200}5396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.417{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010D76B2200}5396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.417{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010D76B2200}5396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.402{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00103B692200}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.386{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00103B692200}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.386{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00103B692200}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.386{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010A0662200}6172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.371{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010A0662200}6172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.371{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010A0662200}6172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.355{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00100B642200}2656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.339{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAB-5FB6-0000-0010F7361E00}2656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.339{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAB-5FB6-0000-0010F7361E00}2656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.324{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FC1-5FB6-0000-001017E11E00}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.324{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FC1-5FB6-0000-001017E11E00}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.324{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC1-5FB6-0000-001017E11E00}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.308{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00100F5D2200}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.292{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FC1-5FB6-0000-00101CD91E00}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.292{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FC1-5FB6-0000-00101CD91E00}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.277{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00101F5A2200}6796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.277{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00101F5A2200}6796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.277{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00101F5A2200}6796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.261{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-001024572200}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.246{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FDF-5FB6-0000-001013A32000}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.246{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDF-5FB6-0000-001013A32000}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.230{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-001077542200}4632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.214{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-001077542200}4632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.214{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-001077542200}4632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.199{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00107B512200}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.199{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00107B512200}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.199{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00107B512200}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.183{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010384E2200}2060C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.167{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010384E2200}2060C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.167{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010384E2200}2060C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.152{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD1-5FB6-0000-001064961F00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.152{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-001064961F00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.152{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD1-5FB6-0000-001064961F00}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.136{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010D7482200}2036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.121{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010D7482200}2036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.121{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010D7482200}2036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 22542200x800000000000000013153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:14.575{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996www.google.de0::ffff:172.217.22.3;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.105{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-001029462200}1080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.089{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-001029462200}1080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.089{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-001029462200}1080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.074{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-0010BE3E2200}5780C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.074{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010BE3E2200}5780C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.074{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010BE3E2200}5780C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.058{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00107A3B2200}6984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.042{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00107A3B2200}6984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.042{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00107A3B2200}6984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.027{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00107A382200}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.011{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00107A382200}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.011{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00107A382200}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.996{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-001054691F00}6124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.996{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FD0-5FB6-0000-001054691F00}6124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.996{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD0-5FB6-0000-001054691F00}6124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.839{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6E1D-5FB6-0000-00103F231100}2068C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.792{2CC55DE6-6AC1-5FB6-0000-001036540000}86096C:\Windows\system32\lsass.exe{2CC55DE6-6FE6-5FB6-0000-00103E032300}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.792{2CC55DE6-6AC1-5FB6-0000-001036540000}86096C:\Windows\system32\lsass.exe{2CC55DE6-6FE6-5FB6-0000-00103E032300}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.792{2CC55DE6-6E1D-5FB6-0000-001018261100}66086900C:\Windows\system32\conhost.exe{2CC55DE6-6FE6-5FB6-0000-00103E032300}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.777{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.777{2CC55DE6-6E1D-5FB6-0000-00103F231100}20686848C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe{00000000-0000-0000-0000-000000000000}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.DLL+37d14(wow64)|UNKNOWN(0000000000F2404B)|UNKNOWN(0000000000F23CFC)|UNKNOWN(0000000000F24CBE)|UNKNOWN(0000000000F22444)|UNKNOWN(0000000000F20B66)|UNKNOWN(0000000000F2054F)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+ebf6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+11e50(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+17a14(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+11801a(wow64) 10341000x800000000000000013354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.730{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010FCFB2200}6388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.730{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-0010FCFB2200}6388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.730{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-0010FCFB2200}6388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.714{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-001087F92200}4564C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.699{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FAD-5FB6-0000-0010704D1E00}4564C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.699{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FAD-5FB6-0000-0010704D1E00}4564C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.683{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010FCF62200}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.683{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-0010FCF62200}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.683{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-0010FCF62200}5248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.667{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-001055F42200}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.652{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-00106C4D2100}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.652{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-00106C4D2100}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.636{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010B3F12200}6788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.621{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-0010B3F12200}6788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.621{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-0010B3F12200}6788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.605{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE4-5FB6-0000-00108AD62100}5412C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.605{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-00108AD62100}5412C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.605{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE4-5FB6-0000-00108AD62100}5412C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.589{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-001062EC2200}5352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.574{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE2-5FB6-0000-0010874A2100}5352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.574{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE2-5FB6-0000-0010874A2100}5352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.558{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010BBE92200}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.542{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-0010F75F2200}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.542{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-0010F75F2200}6160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.527{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FD2-5FB6-0000-001026B11F00}4428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.527{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FD2-5FB6-0000-001026B11F00}4428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.527{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD2-5FB6-0000-001026B11F00}4428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-00104FE42200}5188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.496{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-00104FE42200}5188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.496{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-00104FE42200}5188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.480{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-001024572200}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.480{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-001024572200}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.480{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-001024572200}6276C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.464{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-001013DF2200}4632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.449{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-001077542200}4632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.449{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-001077542200}4632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.433{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-001076DC2200}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.417{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00107B512200}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.417{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00107B512200}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.402{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010D1D92200}4388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.402{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-0010D1D92200}4388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.402{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-0010D1D92200}4388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.386{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-00102DD72200}7120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.371{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-00102DD72200}7120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.371{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-00102DD72200}7120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.355{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FDE-5FB6-0000-0010758B2000}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.355{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FDE-5FB6-0000-0010758B2000}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.355{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDE-5FB6-0000-0010758B2000}5816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.339{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010D8D12200}3484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.324{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-0010D8D12200}3484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.324{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-0010D8D12200}3484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.308{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-00100DCF2200}924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.292{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FD1-5FB6-0000-0010188D1F00}924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.292{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FD1-5FB6-0000-0010188D1F00}924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.277{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE5-5FB6-0000-00107A3B2200}6984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.277{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00107A3B2200}6984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.277{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE5-5FB6-0000-00107A3B2200}6984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.261{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010CEC92200}3440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.246{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FDC-5FB6-0000-0010EA722000}3440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.246{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FDC-5FB6-0000-0010EA722000}3440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.230{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-0010BCB02100}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.230{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010BCB02100}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.230{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010BCB02100}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.214{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010B3C42200}7028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.199{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010FAAD2100}7028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.199{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-0010FAAD2100}7028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.183{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-00101CC22200}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.167{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-001036AB2100}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.167{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE3-5FB6-0000-001036AB2100}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.167{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-00107EBF2200}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.152{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-00107EBF2200}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.152{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-00107EBF2200}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.136{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010D7BC2200}6444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.121{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-0010D7BC2200}6444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.121{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-0010D7BC2200}6444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.105{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-00101EBA2200}6460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.105{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-00101EBA2200}6460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.105{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-00101EBA2200}6460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.089{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-001063B72200}5628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.074{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-001063B72200}5628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.074{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-001063B72200}5628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.058{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-001058B42200}6448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.042{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-001058B42200}6448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.042{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-001058B42200}6448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.027{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6C16-5FB6-0000-00108B450F00}6484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.027{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6C16-5FB6-0000-00108B450F00}6484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.027{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6C16-5FB6-0000-00108B450F00}6484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 10341000x800000000000000013267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:18.011{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6FE6-5FB6-0000-0010DEAE2200}6700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.996{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE6-5FB6-0000-0010DEAE2200}6700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:17.996{2CC55DE6-6E1F-5FB6-0000-001095431100}15927068C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{2CC55DE6-6FE6-5FB6-0000-0010DEAE2200}6700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33f18(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33d53(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33be6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+33a22(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+11e4f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+f006(wow64) 22542200x800000000000000013361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:16.931{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996www.google.com0::ffff:172.217.22.4;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:21.574{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:21.558{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:21.558{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:21.558{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:22.210{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:22.190{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:22.190{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:22.186{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 22542200x800000000000000013371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:21.306{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996consent.google.de0::ffff:216.58.212.142;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:21.251{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996consent.google.com0::ffff:216.58.207.46;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:25.726{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:25.710{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:25.710{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:25.706{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d11d0(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+50ec20(wow64) 10341000x800000000000000013375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:25.526{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:25.510{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:25.510{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:25.506{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:29.254{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:29.234{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:29.234{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:29.230{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 10341000x800000000000000013383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:29.210{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:29.194{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:29.194{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:29.190{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:30.925{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-6FF2-5FB6-0000-001024302300}4772C:\Windows\system32\fontdrvhost.exe0x13ffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:30.925{2CC55DE6-6BC4-5FB6-0000-0010B4200700}48682984C:\Windows\system32\winlogon.exe{2CC55DE6-6FF2-5FB6-0000-001024302300}4772C:\Windows\system32\fontdrvhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+60dea|C:\Windows\system32\winlogon.exe+3508a|C:\Windows\system32\winlogon.exe+1bbfd|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:30.869{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:30.850{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:30.834{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:30.834{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:31.069{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:31.049{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:31.049{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:31.046{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d11d0(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+50ec20(wow64) 10341000x800000000000000013435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64) 10341000x800000000000000013423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64) 10341000x800000000000000013419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.945{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64) 10341000x800000000000000013415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.869{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab33(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a010(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+21b4d4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109cd4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64) 10341000x800000000000000013414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.869{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab33(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a010(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+21b4d4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109cd4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64) 10341000x800000000000000013413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.869{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab33(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a010(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+21b4d4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109cd4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64) 10341000x800000000000000013412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.869{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab33(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a010(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+21b4d4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109cd4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.869{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a010(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+21b4d4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109cd4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64) 10341000x800000000000000013410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.869{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a010(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+21b4d4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109cd4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64) 10341000x800000000000000013409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.869{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a010(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+21b4d4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109cd4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64) 10341000x800000000000000013408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.869{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a010(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+21b4d4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109cd4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.865{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a5c4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109d6b(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.865{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a5c4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109d6b(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.865{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a5c4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109d6b(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.865{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a5c4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109d6b(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.865{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1cae0(wow64)|C:\Windows\System32\shcore.dll+1bb4b(wow64)|C:\Windows\System32\SHELL32.dll+1a7f8b(wow64)|C:\Windows\System32\SHELL32.dll+12ef3f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a5c4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109d6b(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64) 10341000x800000000000000013402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.865{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+1a7f7d(wow64)|C:\Windows\System32\SHELL32.dll+12ef3f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a5c4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109d6b(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.865{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+1a7f7d(wow64)|C:\Windows\System32\SHELL32.dll+12ef3f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10aa77(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a5c4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+109d6b(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a364(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.621{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.605{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.605{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:33.053{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:33.033{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:33.033{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:33.029{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 22542200x800000000000000013436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:30.471{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996apis.google.com0type: 5 plus.l.google.com;::ffff:216.58.212.174;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.444{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996adservice.google.de0type: 5 pagead46.l.doubleclick.net;::ffff:142.250.74.194;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:32.446{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996ogs.google.de0type: 5 www3.l.google.com;::ffff:216.58.212.174;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:37.339{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:37.323{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:37.323{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:37.308{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.721{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.701{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.701{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 10341000x800000000000000013486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64) 10341000x800000000000000013485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64) 10341000x800000000000000013484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64) 10341000x800000000000000013481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64) 10341000x800000000000000013480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+59d841(wow64) 10341000x800000000000000013477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+59d841(wow64) 10341000x800000000000000013476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.697{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64) 10341000x800000000000000013474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.693{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+59d841(wow64) 10341000x800000000000000013473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.693{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+59d841(wow64) 10341000x800000000000000013472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.693{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.693{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64) 10341000x800000000000000013470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.693{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+59d841(wow64) 10341000x800000000000000013469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.693{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+845d97(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+51cc2f(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+59d841(wow64) 10341000x800000000000000013468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.693{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.693{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d96a(wow64) 10341000x800000000000000013466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.529{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.525{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.525{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.525{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.525{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.525{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.525{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 22542200x800000000000000013491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:36.930{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996play.google.com0::ffff:216.58.206.14;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:38.052{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996consent.youtube.com0::ffff:216.58.212.174;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:42.965{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:42.949{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:42.945{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:42.941{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.757{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64) 10341000x800000000000000013508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:52.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:53.129{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:53.109{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:53.109{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:53.105{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d11d0(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d4239(wow64) 10341000x800000000000000013540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.937{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FE4-5FB6-0000-001040172200}5548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.937{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.937{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.937{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.937{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.937{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-001040172200}5548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.937{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FE4-5FB6-0000-001040172200}5548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.938{2CC55DE6-700D-5FB6-0000-0010559C2300}5548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.509{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.489{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.489{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.485{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d11d0(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+50ec20(wow64) 10341000x800000000000000013528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.221{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.205{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.205{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:57.197{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.817{2CC55DE6-700E-5FB6-0000-0010A39E2300}38087156C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.665{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FE5-5FB6-0000-00103BAC2200}3808C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.665{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.665{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE5-5FB6-0000-00103BAC2200}3808C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.665{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FE5-5FB6-0000-00103BAC2200}3808C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:58.666{2CC55DE6-700E-5FB6-0000-0010A39E2300}3808C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.870{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.839{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.839{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.839{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 10341000x800000000000000013580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.776{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.354{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FE3-5FB6-0000-0010E49A2100}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.354{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.354{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.354{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.354{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.354{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FE3-5FB6-0000-0010E49A2100}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.354{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FE3-5FB6-0000-0010E49A2100}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.355{2CC55DE6-700F-5FB6-0000-0010B8A12300}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.117{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.101{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.101{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.667{2CC55DE6-7010-5FB6-0000-001001B32300}65765932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.511{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7010-5FB6-0000-001001B32300}6576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.511{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.511{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-7010-5FB6-0000-001001B32300}6576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.511{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7010-5FB6-0000-001001B32300}6576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:00.511{2CC55DE6-7010-5FB6-0000-001001B32300}6576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.854{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FDA-5FB6-0000-001069612000}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.854{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.854{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.854{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.854{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.854{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-6FDA-5FB6-0000-001069612000}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.854{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FDA-5FB6-0000-001069612000}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.855{2CC55DE6-7011-5FB6-0000-0010A8B82300}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000013603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.356{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996firefox.com0::ffff:44.236.48.31;::ffff:44.236.72.93;::ffff:44.235.246.155;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.323{2CC55DE6-7011-5FB6-0000-001075B52300}70486312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.182{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-6FE4-5FB6-0000-0010452A2200}7048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.182{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.182{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.182{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.182{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.182{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-6FE4-5FB6-0000-0010452A2200}7048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.182{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-6FE4-5FB6-0000-0010452A2200}7048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:01.183{2CC55DE6-7011-5FB6-0000-001075B52300}7048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:02.917{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:02.901{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:02.901{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:02.886{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.885{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996o.ss2.us0::ffff:143.204.214.76;::ffff:143.204.214.110;::ffff:143.204.214.219;::ffff:143.204.214.40;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:15:59.864{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996www.firefox.com0type: 5 fxc-prod.moz.works;type: 5 dzlgdtxcws9pb.cloudfront.net;::ffff:143.204.93.114;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:02.011{2CC55DE6-7011-5FB6-0000-0010A8B82300}70166552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.823{2CC55DE6-6FD0-5FB6-0000-001063721F00}50445532C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7227|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ec07|C:\Windows\SYSTEM32\IEFRAME.dll+12df6a|C:\Windows\SYSTEM32\IEFRAME.dll+12e712|C:\Windows\SYSTEM32\IEFRAME.dll+12e150|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.823{2CC55DE6-6FD0-5FB6-0000-001063721F00}50445532C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7192|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ec07|C:\Windows\SYSTEM32\IEFRAME.dll+12df6a|C:\Windows\SYSTEM32\IEFRAME.dll+12e712|C:\Windows\SYSTEM32\IEFRAME.dll+12e150|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.823{2CC55DE6-6FD0-5FB6-0000-001063721F00}50445532C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ec07|C:\Windows\SYSTEM32\IEFRAME.dll+12df6a|C:\Windows\SYSTEM32\IEFRAME.dll+12e712|C:\Windows\SYSTEM32\IEFRAME.dll+12e150|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.823{2CC55DE6-6FD0-5FB6-0000-001063721F00}50445532C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ec07|C:\Windows\SYSTEM32\IEFRAME.dll+12df6a|C:\Windows\SYSTEM32\IEFRAME.dll+12e712|C:\Windows\SYSTEM32\IEFRAME.dll+12e150|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.373{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64) 10341000x800000000000000013626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.010{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7013-5FB6-0000-00102CBE2300}6588C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.010{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.010{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.010{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.010{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.010{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-7013-5FB6-0000-00102CBE2300}6588C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.010{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7013-5FB6-0000-00102CBE2300}6588C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:03.011{2CC55DE6-7013-5FB6-0000-00102CBE2300}6588C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64) 10341000x800000000000000013660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5bc5(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13f579(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13fa8d(wow64) 10341000x800000000000000013656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.875{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+b5d7f(wow64) 10341000x800000000000000013654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:05.682{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:07.354{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:07.339{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:07.339{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:07.323{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa08(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba9bf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1ba966(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a8abf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b324e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b319b(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+28a79e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+286255(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+28a3a3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+2967cd(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1827e3(wow64)|C:\Windows\SYSTEM32\urlmon.dll+4f0b8(wow64) 11241100x800000000000000013667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:07.245{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\YPNBTJ40\Firefox%20Installer[1].exe2020-11-19 13:16:07.245 10341000x800000000000000013675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:10.526{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:10.510{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:10.510{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:10.510{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10abbf(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64) 10341000x800000000000000013688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10ab73(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a96a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a94f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a918(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64) 10341000x800000000000000013676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:11.854{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996668C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a8e3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a438(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+10a386(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e8fa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11e6c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11d72a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+11c408(wow64) 10341000x800000000000000013698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:12.010{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+67d5|C:\Windows\SYSTEM32\IEFRAME.dll+6283|C:\Windows\SYSTEM32\IEFRAME.dll+5f1d|C:\Windows\SYSTEM32\IEFRAME.dll+72e3|C:\Windows\SYSTEM32\IEFRAME.dll+d5c46|C:\Windows\SYSTEM32\IEFRAME.dll+4883f|C:\Windows\SYSTEM32\IEFRAME.dll+48720|C:\Windows\SYSTEM32\IEFRAME.dll+4369c|C:\Windows\SYSTEM32\IEFRAME.dll+41408|C:\Windows\SYSTEM32\IEFRAME.dll+314b8a|C:\Windows\SYSTEM32\IEFRAME.dll+adc5a|C:\Windows\SYSTEM32\IEFRAME.dll+ae686|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000013697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:12.010{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+67d5|C:\Windows\SYSTEM32\IEFRAME.dll+6283|C:\Windows\SYSTEM32\IEFRAME.dll+5f1d|C:\Windows\SYSTEM32\IEFRAME.dll+72e3|C:\Windows\SYSTEM32\IEFRAME.dll+d5c46|C:\Windows\SYSTEM32\IEFRAME.dll+4883f|C:\Windows\SYSTEM32\IEFRAME.dll+48720|C:\Windows\SYSTEM32\IEFRAME.dll+4369c|C:\Windows\SYSTEM32\IEFRAME.dll+41408|C:\Windows\SYSTEM32\IEFRAME.dll+314b8a|C:\Windows\SYSTEM32\IEFRAME.dll+adc5a|C:\Windows\SYSTEM32\IEFRAME.dll+ae686|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000013696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:12.010{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+67d5|C:\Windows\SYSTEM32\IEFRAME.dll+6283|C:\Windows\SYSTEM32\IEFRAME.dll+5f1d|C:\Windows\SYSTEM32\IEFRAME.dll+72e3|C:\Windows\SYSTEM32\IEFRAME.dll+d5c46|C:\Windows\SYSTEM32\IEFRAME.dll+4883f|C:\Windows\SYSTEM32\IEFRAME.dll+48720|C:\Windows\SYSTEM32\IEFRAME.dll+4369c|C:\Windows\SYSTEM32\IEFRAME.dll+41408|C:\Windows\SYSTEM32\IEFRAME.dll+314b8a|C:\Windows\SYSTEM32\IEFRAME.dll+adc5a|C:\Windows\SYSTEM32\IEFRAME.dll+ae686|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000013704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:13.198{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:13.198{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDownloads2020-11-19 13:16:13.182{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Users\Administrator\Downloads\Firefox Installer.exe.aewwlf8.partial2020-11-19 13:16:13.182 11241100x800000000000000013701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDownloads2020-11-19 13:16:13.182{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exeC:\Users\Administrator\Downloads\Firefox Installer.exe.aewwlf8.partial2020-11-19 13:16:13.182 10341000x800000000000000013700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:13.088{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:13.088{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.979{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000013721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDBSetValue2020-11-19 13:16:14.979{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Downloads\Firefox Installer.exeBinary Data 10341000x800000000000000013720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.979{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041424C:\Windows\System32\svchost.exe{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.979{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041424C:\Windows\System32\svchost.exe{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.963{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.963{2CC55DE6-6FD0-5FB6-0000-001063721F00}50444840C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+13755f|C:\Windows\System32\windows.storage.dll+1371d5|C:\Windows\System32\windows.storage.dll+136cc6|C:\Windows\System32\windows.storage.dll+138138|C:\Windows\System32\windows.storage.dll+136aee|C:\Windows\System32\windows.storage.dll+10a3b5|C:\Windows\System32\windows.storage.dll+10a734|C:\Windows\System32\windows.storage.dll+109d70|C:\Windows\System32\SHELL32.dll+74f4f|C:\Windows\System32\SHELL32.dll+74ddc|C:\Windows\System32\SHELL32.dll+74b2c|C:\Windows\System32\SHELL32.dll+c76a7|C:\Windows\System32\SHELL32.dll+c7605|C:\Windows\SYSTEM32\IEFRAME.dll+2a2b2d|C:\Windows\SYSTEM32\IEFRAME.dll+22c5dc|C:\Windows\SYSTEM32\IEFRAME.dll+22af56|C:\Windows\SYSTEM32\IEFRAME.dll+1debf3|C:\Windows\SYSTEM32\IEFRAME.dll+406f6d|C:\Windows\SYSTEM32\IEFRAME.dll+406e7e|C:\Windows\SYSTEM32\IEFRAME.dll+3fcfaf 10341000x800000000000000013716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.963{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.963{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.963{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.963{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.961{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe18.05FirefoxFirefoxMozilla7zS.sfx.exe"C:\Users\Administrator\Downloads\Firefox Installer.exe" C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=10AB4075D9C81C5FFA3112C2C74897E6,SHA256=8A63DC2FC7D97EDD547915080D7663A8753DCFA4BAD2D5A153D8266C9CA682CC,IMPHASH=00000000000000000000000000000000{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 10341000x800000000000000013711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.948{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6437|C:\Windows\System32\shcore.dll+6327|C:\Windows\System32\shcore.dll+629d|C:\Windows\System32\shcore.dll+61aa|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+67d5|C:\Windows\SYSTEM32\IEFRAME.dll+6283|C:\Windows\SYSTEM32\IEFRAME.dll+5f1d|C:\Windows\SYSTEM32\IEFRAME.dll+6cfc|C:\Windows\SYSTEM32\IEFRAME.dll+d5c81|C:\Windows\SYSTEM32\IEFRAME.dll+4372e|C:\Windows\SYSTEM32\IEFRAME.dll+41408|C:\Windows\SYSTEM32\IEFRAME.dll+adc6b|C:\Windows\SYSTEM32\IEFRAME.dll+ae686|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\IEFRAME.dll+b4dfc|C:\Windows\SYSTEM32\IEFRAME.dll+c6617|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8 10341000x800000000000000013710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.948{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.948{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.948{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+67d5|C:\Windows\SYSTEM32\IEFRAME.dll+6283|C:\Windows\SYSTEM32\IEFRAME.dll+5f1d|C:\Windows\SYSTEM32\IEFRAME.dll+6cfc|C:\Windows\SYSTEM32\IEFRAME.dll+d5c81|C:\Windows\SYSTEM32\IEFRAME.dll+4372e|C:\Windows\SYSTEM32\IEFRAME.dll+41408|C:\Windows\SYSTEM32\IEFRAME.dll+adc6b|C:\Windows\SYSTEM32\IEFRAME.dll+ae686|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\IEFRAME.dll+b4dfc|C:\Windows\SYSTEM32\IEFRAME.dll+c6617 10341000x800000000000000013707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.948{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+889ee|C:\Windows\SYSTEM32\IEFRAME.dll+67d5|C:\Windows\SYSTEM32\IEFRAME.dll+6283|C:\Windows\SYSTEM32\IEFRAME.dll+5f1d|C:\Windows\SYSTEM32\IEFRAME.dll+6cfc|C:\Windows\SYSTEM32\IEFRAME.dll+d5c81|C:\Windows\SYSTEM32\IEFRAME.dll+4372e|C:\Windows\SYSTEM32\IEFRAME.dll+41408|C:\Windows\SYSTEM32\IEFRAME.dll+adc6b|C:\Windows\SYSTEM32\IEFRAME.dll+ae686|C:\Windows\SYSTEM32\IEFRAME.dll+aa608|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\IEFRAME.dll+b4dfc|C:\Windows\SYSTEM32\IEFRAME.dll+c6617|C:\Windows\SYSTEM32\IEFRAME.dll+f7ba8 10341000x800000000000000013706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.932{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.932{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:15.588{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe2020-11-19 13:16:15.588 11241100x800000000000000013777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:15.588{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\InetBgDL.dll2020-11-19 13:16:15.588 10341000x800000000000000013776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.448{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.448{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.448{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.432{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.385{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.385{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.385{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.385{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.385{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.385{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.385{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.385{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:15.385{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\WebBrowser.dll2020-11-19 13:16:15.370 10341000x800000000000000013763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.260{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.260{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.260{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.260{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.260{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:15.104{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\CityHash.dll2020-11-19 13:16:15.104 10341000x800000000000000013757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.104{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.104{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:15.088{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\UserInfo.dll2020-11-19 13:16:15.088 11241100x800000000000000013754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:15.088{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\UAC.dll2020-11-19 13:16:15.088 11241100x800000000000000013753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:15.088{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\System.dll2020-11-19 13:16:15.088 10341000x800000000000000013752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.073{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.073{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.073{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.057{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.057{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.042{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.026{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.026{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.026{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.026{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.026{2CC55DE6-701E-5FB6-0000-00107F282400}19324604C:\Users\Administrator\Downloads\Firefox Installer.exe{2CC55DE6-6FE3-5FB6-0000-001063BE2100}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+159f0b(wow64)|C:\Windows\System32\KERNELBASE.dll+159bbc(wow64)|C:\Users\Administrator\Downloads\Firefox Installer.exe+18fd0|C:\Users\Administrator\Downloads\Firefox Installer.exe+1a0da|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 154100x800000000000000013741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.036{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe83.0Firefox InstallerFirefoxMozilla Corporationsetup-stub.exe.\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=B567E329C2A52C1BA39C3308FE792FF3,SHA256=AECCA4A13E6E83E088AF58839B072553447474D73F9B917AE72D38AEEB966869,IMPHASH=E2A592076B17EF8BFB48B7E03965A3FC{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe"C:\Users\Administrator\Downloads\Firefox Installer.exe" 10341000x800000000000000013740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.026{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-6FE3-5FB6-0000-001063BE2100}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.026{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.026{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:15.010{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe2020-11-19 13:16:15.010 10341000x800000000000000013736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.010{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.010{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.010{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.010{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.010{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.010{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.010{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:15.010{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.995{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.995{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.995{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.995{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.995{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:14.995{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000013800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:16:15.179{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local61838false54.145.109.57ec2-54-145-109-57.compute-1.amazonaws.com443https 11241100x800000000000000013799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:16.604{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\CertCheck.dll2020-11-19 13:16:16.604 10341000x800000000000000013798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.385{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446156C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7227|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\windows.storage.dll+1de15|C:\Windows\System32\windows.storage.dll+1dd5d|C:\Windows\System32\windows.storage.dll+1c1a6|C:\Windows\SYSTEM32\IEFRAME.dll+122d6f|C:\Windows\SYSTEM32\IEFRAME.dll+1bfa09|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.385{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446156C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7192|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\windows.storage.dll+1de15|C:\Windows\System32\windows.storage.dll+1dd5d|C:\Windows\System32\windows.storage.dll+1c1a6|C:\Windows\SYSTEM32\IEFRAME.dll+122d6f|C:\Windows\SYSTEM32\IEFRAME.dll+1bfa09|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.385{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446156C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\windows.storage.dll+1de15|C:\Windows\System32\windows.storage.dll+1dd5d|C:\Windows\System32\windows.storage.dll+1c1a6|C:\Windows\SYSTEM32\IEFRAME.dll+122d6f|C:\Windows\SYSTEM32\IEFRAME.dll+1bfa09|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.385{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446156C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\windows.storage.dll+1de15|C:\Windows\System32\windows.storage.dll+1dd5d|C:\Windows\System32\windows.storage.dll+1c1a6|C:\Windows\SYSTEM32\IEFRAME.dll+122d6f|C:\Windows\SYSTEM32\IEFRAME.dll+1bfa09|C:\Windows\SYSTEM32\IEFRAME.dll+3005e|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.307{2CC55DE6-6FD0-5FB6-0000-001063721F00}50443016C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7227|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ec07|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.307{2CC55DE6-6FD0-5FB6-0000-001063721F00}50443016C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+124a5|C:\Windows\System32\windows.storage.dll+e7192|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ec07|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.307{2CC55DE6-6FD0-5FB6-0000-001063721F00}50443016C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+6422|C:\Windows\System32\shcore.dll+611d|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ec07|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.307{2CC55DE6-6FD0-5FB6-0000-001063721F00}50443016C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+6468|C:\Windows\System32\shcore.dll+60f4|C:\Windows\System32\shcore.dll+5ddd|C:\Windows\System32\shcore.dll+5d6f|C:\Windows\System32\shcore.dll+5c74|C:\Windows\System32\windows.storage.dll+e7177|C:\Windows\System32\windows.storage.dll+e6b53|C:\Windows\System32\windows.storage.dll+e69d9|C:\Windows\System32\shcore.dll+2ec07|C:\Windows\SYSTEM32\IEFRAME.dll+4d79c|C:\Windows\SYSTEM32\IEFRAME.dll+4d595|C:\Windows\SYSTEM32\IEFRAME.dll+4d332|C:\Windows\SYSTEM32\IEFRAME.dll+4cfc7|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.292{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.292{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.292{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.292{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.292{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.292{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.292{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.198{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.198{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.198{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-0010C97D1F00}6996C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.198{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:16.198{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:17.917{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.979{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\mozglue.dll2020-11-19 13:16:18.979 11241100x800000000000000013853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.963{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\mozavutil.dll2020-11-19 13:16:18.963 11241100x800000000000000013852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.917{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\mozavcodec.dll2020-11-19 13:16:18.917 11241100x800000000000000013851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.838{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\libGLESv2.dll2020-11-19 13:16:18.838 11241100x800000000000000013850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.823{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\libEGL.dll2020-11-19 13:16:18.823 11241100x800000000000000013849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.823{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\lgpllibs.dll2020-11-19 13:16:18.823 11241100x800000000000000013848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.823{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\IA2Marshal.dll2020-11-19 13:16:18.823 11241100x800000000000000013847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.807{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\freebl3.dll2020-11-19 13:16:18.807 11241100x800000000000000013846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.698{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\d3dcompiler_47.dll2020-11-19 13:16:18.698 11241100x800000000000000013845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.698{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\gmp-clearkey\0.1\clearkey.dll2020-11-19 13:16:18.682 11241100x800000000000000013844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-utility-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-time-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-string-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-stdio-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-runtime-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-process-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-private-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-multibyte-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-math-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-locale-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-heap-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-filesystem-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-environment-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-convert-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-crt-conio-l1-1-0.dll2020-11-19 13:16:18.682 11241100x800000000000000013829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.682{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-core-timezone-l1-1-0.dll2020-11-19 13:16:18.667 11241100x800000000000000013828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.667{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-core-synch-l1-2-0.dll2020-11-19 13:16:18.667 11241100x800000000000000013827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.667{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-core-processthreads-l1-1-1.dll2020-11-19 13:16:18.667 11241100x800000000000000013826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.667{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-core-localization-l1-2-0.dll2020-11-19 13:16:18.667 11241100x800000000000000013825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.667{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-core-file-l2-1-0.dll2020-11-19 13:16:18.667 11241100x800000000000000013824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.667{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\api-ms-win-core-file-l1-2-0.dll2020-11-19 13:16:18.667 11241100x800000000000000013823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.667{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\AccessibleMarshal.dll2020-11-19 13:16:18.667 11241100x800000000000000013822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.667{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\AccessibleHandler.dll2020-11-19 13:16:18.667 11241100x800000000000000013821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.667{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\updater.exe2020-11-19 13:16:18.667 11241100x800000000000000013820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.651{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe2020-11-19 13:16:18.651 11241100x800000000000000013819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.651{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\plugin-hang-ui.exe2020-11-19 13:16:18.651 11241100x800000000000000013818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.651{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\plugin-container.exe2020-11-19 13:16:18.651 11241100x800000000000000013817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.651{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\pingsender.exe2020-11-19 13:16:18.651 11241100x800000000000000013816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.635{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\minidump-analyzer.exe2020-11-19 13:16:18.635 11241100x800000000000000013815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.635{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\maintenanceservice_installer.exe2020-11-19 13:16:18.635 11241100x800000000000000013814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.635{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\maintenanceservice.exe2020-11-19 13:16:18.635 11241100x800000000000000013813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.620{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\uninstall\helper.exe2020-11-19 13:16:18.620 11241100x800000000000000013812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.588{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\firefox.exe2020-11-19 13:16:18.588 11241100x800000000000000013811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.573{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\default-browser-agent.exe2020-11-19 13:16:18.573 11241100x800000000000000013810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:18.573{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\crashreporter.exe2020-11-19 13:16:18.573 10341000x800000000000000013809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:18.432{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:18.432{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:18.432{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:18.432{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:18.432{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:18.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe+57f3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe+1eeb|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe+13a8|C:\Windows\SYSTEM32\ntdll.dll+70ead(wow64) 154100x800000000000000013803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:17.924{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe18.05FirefoxFirefoxMozilla7zS.sfx.exe"C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\config.iniC:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=4FAA815A3C1820D1F8E3FA1E621BE00F,SHA256=1301E01D2F87AD7C0A15177E2E06EC5B5991B9CC494B8B5F6017FDDFEEF1B767,IMPHASH=00000000000000000000000000000000{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe.\setup-stub.exe 354300x800000000000000013802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:16:15.469{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local61839false143.204.212.60server-143-204-212-60.fra53.r.cloudfront.net443https 11241100x800000000000000013863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:19.135{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\xul.dll2020-11-19 13:16:19.135 11241100x800000000000000013862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:19.135{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\vcruntime140.dll2020-11-19 13:16:19.135 11241100x800000000000000013861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:19.104{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\ucrtbase.dll2020-11-19 13:16:19.104 11241100x800000000000000013860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:19.104{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\softokn3.dll2020-11-19 13:16:19.104 11241100x800000000000000013859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:19.104{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\qipcap64.dll2020-11-19 13:16:19.104 11241100x800000000000000013858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:19.088{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\osclientcerts.dll2020-11-19 13:16:19.088 11241100x800000000000000013857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:19.088{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\nssckbi.dll2020-11-19 13:16:19.088 11241100x800000000000000013856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:19.010{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\nss3.dll2020-11-19 13:16:19.010 11241100x800000000000000013855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:18.995{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\core\msvcp140.dll2020-11-19 13:16:18.995 10341000x800000000000000013961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000013960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000013955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000013952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000013951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000013948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000013947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll2020-11-19 13:16:23.995 10341000x800000000000000013946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000013939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000013934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000013931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000013930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000013927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000013926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\AccessibleMarshal.dll2020-11-19 13:16:23.979 10341000x800000000000000013925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000013918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000013913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000013910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000013909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000013906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000013905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\AccessibleHandler.dll2020-11-19 13:16:23.979 10341000x800000000000000013904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.979{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000013897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000013892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000013889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000013888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000013885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000013884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1cae0(wow64)|C:\Windows\System32\shcore.dll+1bb4b(wow64)|C:\Windows\System32\windows.storage.dll+1a1adc(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000013877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.948{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:23.932{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\CityHash.dll2020-11-19 13:16:23.932 11241100x800000000000000013875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:23.885{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\UAC.dll2020-11-19 13:16:23.885 11241100x800000000000000013874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:23.885{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll2020-11-19 13:16:23.885 10341000x800000000000000013873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.854{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.854{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.745{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.620{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.620{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.620{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.620{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.620{2CC55DE6-7021-5FB6-0000-001016502400}20886528C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+159f0b(wow64)|C:\Windows\System32\KERNELBASE.dll+159bbc(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe+18fd0|C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe+1a0da|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 154100x800000000000000013865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.624{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe83.0Firefox InstallerFirefoxMozilla Corporationsetup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\config.iniC:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=E9D68D51E2789D31E6B16E0C85AA19C7,SHA256=05D5B6D7AFAE44992103D2ABEF59C2409D14F329FB9561CA2F1F93B95F11EFF2,IMPHASH=E2A592076B17EF8BFB48B7E03965A3FC{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe"C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\config.ini 10341000x800000000000000013864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.620{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-7028-5FB6-0000-0010D1BB2400}6316C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-7028-5FB6-0000-0010D1BB2400}6316C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+57f3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+1eeb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 154100x800000000000000015978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.974{2CC55DE6-7028-5FB6-0000-0010D1BB2400}6316C:\Windows\System32\regsvr32.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft(C) Register ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationREGSVR32.EXE"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=8CF9086BE38A15E905924B4A45D814D9,SHA256=00A1CF85C6AB96DF38A4023F0CEE4DF60F62280768FC9C06A235E6D2D644169D,IMPHASH=1C8D7F52BBDAEF92EB0104CB6362D5D0{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\config.ini 10341000x800000000000000015977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7028-5FB6-0000-0010D1BB2400}6316C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.963{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.948{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.932{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.916{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.901{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.885{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.870{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.838{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.823{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.807{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll2020-11-19 13:16:24.791 10341000x800000000000000015579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.791{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.760{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\uninstall\helper.exe2020-11-19 13:16:24.745 10341000x800000000000000015438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.745{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.666{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.557{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.510{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.510{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.510{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.510{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.448{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 11241100x800000000000000015338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\xul.dll2020-11-19 13:16:24.416 10341000x800000000000000015337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\vcruntime140.dll2020-11-19 13:16:24.416 10341000x800000000000000015316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\updater.exe2020-11-19 13:16:24.401 10341000x800000000000000015275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\ucrtbase.dll2020-11-19 13:16:24.385 10341000x800000000000000015234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\softokn3.dll2020-11-19 13:16:24.385 10341000x800000000000000015213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.385{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\qipcap64.dll2020-11-19 13:16:24.370 10341000x800000000000000015172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.370{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\plugin-hang-ui.exe2020-11-19 13:16:24.354 10341000x800000000000000015131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.354{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\plugin-container.exe2020-11-19 13:16:24.338 10341000x800000000000000015090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000015076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000015060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000015056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000015054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000015048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.338{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\pingsender.exe2020-11-19 13:16:24.323 10341000x800000000000000015029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000015017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000015014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000015013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000015011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000015010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000015009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\osclientcerts.dll2020-11-19 13:16:24.323 10341000x800000000000000015008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000015005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000015004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000015001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000015000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.323{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\nssckbi.dll2020-11-19 13:16:24.291 10341000x800000000000000014967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.291{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\nss3.dll2020-11-19 13:16:24.276 10341000x800000000000000014946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\msvcp140.dll2020-11-19 13:16:24.276 10341000x800000000000000014925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.276{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\mozglue.dll2020-11-19 13:16:24.276 10341000x800000000000000014904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\mozavutil.dll2020-11-19 13:16:24.260 10341000x800000000000000014883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\mozavcodec.dll2020-11-19 13:16:24.260 10341000x800000000000000014862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.260{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\minidump-analyzer.exe2020-11-19 13:16:24.245 10341000x800000000000000014841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe2020-11-19 13:16:24.245 10341000x800000000000000014820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.245{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\maintenanceservice.exe2020-11-19 13:16:24.229 10341000x800000000000000014799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000014774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000014773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000014771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000014770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000014769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000014767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000014766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000014765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000014763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000014761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000014759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000014755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000014742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000014741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.229{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 11241100x800000000000000014739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\libGLESv2.dll2020-11-19 13:16:24.213 10341000x800000000000000014738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\libEGL.dll2020-11-19 13:16:24.213 10341000x800000000000000014717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll2020-11-19 13:16:24.213 10341000x800000000000000014696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\IA2Marshal.dll2020-11-19 13:16:24.198 10341000x800000000000000014675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\freebl3.dll2020-11-19 13:16:24.198 10341000x800000000000000014654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.182{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\firefox.exe2020-11-19 13:16:24.166 10341000x800000000000000014593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.166{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\default-browser-agent.exe2020-11-19 13:16:24.151 10341000x800000000000000014512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.151{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\d3dcompiler_47.dll2020-11-19 13:16:24.135 10341000x800000000000000014491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.135{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\crashreporter.exe2020-11-19 13:16:24.120 10341000x800000000000000014450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000014428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000014426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000014422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000014421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000014420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000014418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000014417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000014416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000014414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000014413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000014412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000014410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000014409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000014408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000014406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.120{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll2020-11-19 13:16:24.104 10341000x800000000000000014389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll2020-11-19 13:16:24.104 10341000x800000000000000014368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll2020-11-19 13:16:24.104 10341000x800000000000000014347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.104{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll2020-11-19 13:16:24.088 10341000x800000000000000014326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll2020-11-19 13:16:24.088 10341000x800000000000000014305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.088{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll2020-11-19 13:16:24.088 10341000x800000000000000014284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll2020-11-19 13:16:24.073 10341000x800000000000000014263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll2020-11-19 13:16:24.073 10341000x800000000000000014242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.073{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll2020-11-19 13:16:24.057 10341000x800000000000000014221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll2020-11-19 13:16:24.057 10341000x800000000000000014200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll2020-11-19 13:16:24.057 10341000x800000000000000014179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.057{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll2020-11-19 13:16:24.041 10341000x800000000000000014158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll2020-11-19 13:16:24.041 10341000x800000000000000014137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.041{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll2020-11-19 13:16:24.026 10341000x800000000000000014116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll2020-11-19 13:16:24.026 10341000x800000000000000014095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll2020-11-19 13:16:24.026 10341000x800000000000000014074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.026{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000014053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000014052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 11241100x800000000000000014050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll2020-11-19 13:16:24.010 10341000x800000000000000014049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000014048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000014047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000014045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000014040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000014039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000014037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000014036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000014035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000014033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000014027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000014025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000014023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000014022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000014021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1cae0(wow64)|C:\Windows\System32\shcore.dll+1bb4b(wow64)|C:\Windows\System32\windows.storage.dll+1a1adc(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000014020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64) 10341000x800000000000000014019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64) 10341000x800000000000000014018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000014015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000014014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000014012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000014011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000014010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll2020-11-19 13:16:24.010 10341000x800000000000000014009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000014006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000014005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000014002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000014000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000013997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000013994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000013993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000013990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000013989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll2020-11-19 13:16:23.995 10341000x800000000000000013988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3 10341000x800000000000000013981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000013976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000013973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000013972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000013970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000013969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000013968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll2020-11-19 13:16:23.995 10341000x800000000000000013967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000013964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000013963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000013962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:23.995{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.979{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 13241300x800000000000000016336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localSetValue2020-11-19 13:16:25.885{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1D27F844-3A1F-4410-85AC-14651078412D} {000214E4-0000-0000-C000-000000000046} 0xFFFFBinary Data 10341000x800000000000000016335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.870{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 13241300x800000000000000016315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localSetValue2020-11-19 13:16:25.791{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6} {000214E4-0000-0000-C000-000000000046} 0xFFFFBinary Data 10341000x800000000000000016314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.776{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.651{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.635{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-00104FE92400}6436C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.635{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-00104FE92400}6436C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.635{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-00104FE92400}6436C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.635{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-7029-5FB6-0000-00104FE92400}6436C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.635{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-7029-5FB6-0000-00104FE92400}6436C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.635{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-00104FE92400}6436C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000016268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:25.604{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\InvokeShellVerb.dll2020-11-19 13:16:25.604 13241300x800000000000000016267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localSetValue2020-11-19 13:16:25.604{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\*\shell\Firefox-308046B0AF4A39CB\ExplorerCommandHandler{90AA3A4E-1CBA-4233-B8BB-535773D48449} 10341000x800000000000000016266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.604{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+346745(wow64)|UNKNOWN(0000000002B379CB)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.604{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+346745(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.604{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+346745(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.604{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+346745(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.557{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+389263(wow64)|C:\Windows\System32\windows.storage.dll+384384(wow64)|C:\Windows\System32\SHELL32.dll+346604(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.557{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+389263(wow64)|C:\Windows\System32\windows.storage.dll+384384(wow64)|C:\Windows\System32\SHELL32.dll+346604(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.557{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+389263(wow64)|C:\Windows\System32\windows.storage.dll+384384(wow64) 10341000x800000000000000016259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.557{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+389263(wow64)|C:\Windows\System32\windows.storage.dll+384384(wow64)|C:\Windows\System32\SHELL32.dll+346604(wow64) 10341000x800000000000000016258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.557{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+38942a(wow64)|C:\Windows\System32\windows.storage.dll+3846d5(wow64)|C:\Windows\System32\SHELL32.dll+346597(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.557{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+38942a(wow64)|C:\Windows\System32\windows.storage.dll+3846d5(wow64)|C:\Windows\System32\SHELL32.dll+346597(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.557{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+38942a(wow64)|C:\Windows\System32\windows.storage.dll+3846d5(wow64) 10341000x800000000000000016255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.557{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+38942a(wow64)|C:\Windows\System32\windows.storage.dll+3846d5(wow64)|C:\Windows\System32\SHELL32.dll+346597(wow64) 10341000x800000000000000016254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.541{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 11241100x800000000000000016234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10532020-11-19 13:16:25.495{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB2020-11-19 13:16:25.495 11241100x800000000000000016233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10532020-11-19 13:16:25.495{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Mozilla2020-11-19 13:16:25.495 10341000x800000000000000016232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.495{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-7029-5FB6-0000-001045DB2400}6752C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.495{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-7029-5FB6-0000-001045DB2400}6752C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.448{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.448{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-7029-5FB6-0000-001045DB2400}6752C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.448{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.448{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.448{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.448{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-7029-5FB6-0000-001045DB2400}6752C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+57f3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+1eeb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 154100x800000000000000016224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.445{2CC55DE6-7029-5FB6-0000-001045DB2400}6752C:\Program Files\Mozilla Firefox\default-browser-agent.exe83.0Firefox Default Browser AgentFirefoxMozilla Foundationdefault-browser-agent.exe"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CBC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=9E166AB764228218CC9C3E10E0ADCB6D,SHA256=CA97C091480D03786475941698D409CC3F5B6DE7B79D10948106A265C0F104AF,IMPHASH=C63658719CB70747321FBCA4EAE93153{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\config.ini 10341000x800000000000000016223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7029-5FB6-0000-001045DB2400}6752C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.432{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 11241100x800000000000000016200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:25.432{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ServicesHelper.dll2020-11-19 13:16:25.432 10341000x800000000000000016199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|UNKNOWN(0000000002B312C7)|UNKNOWN(0000000002B315AC)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|UNKNOWN(0000000002B312C7)|UNKNOWN(0000000002B315AC)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64) 10341000x800000000000000016196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64) 10341000x800000000000000016192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 11241100x800000000000000016183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk~RF153467.TMP2020-11-19 13:16:25.416 11241100x800000000000000016182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:16:25.416{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\~irefox.tmp2020-11-19 13:16:25.416 11241100x800000000000000016181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ApplicationID.dll2020-11-19 13:16:25.401 10341000x800000000000000016180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|UNKNOWN(0000000002B312C7)|UNKNOWN(0000000002B315AC)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|UNKNOWN(0000000002B312C7)|UNKNOWN(0000000002B315AC)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|UNKNOWN(0000000002B312C7)|UNKNOWN(0000000002B315AC) 10341000x800000000000000016177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64) 10341000x800000000000000016173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 11241100x800000000000000016172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk2020-11-19 13:16:25.401 10341000x800000000000000016171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 11241100x800000000000000016163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:16:25.401{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk2020-11-19 13:16:25.401 10341000x800000000000000016162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 11241100x800000000000000016142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:25.213{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\ShellLink.dll2020-11-19 13:16:25.213 10341000x800000000000000016141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 12241200x800000000000000016125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDeleteKey2020-11-19 13:16:25.213{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\1F97E3EE 10341000x800000000000000016124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.213{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 13241300x800000000000000016120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localSetValue2020-11-19 13:16:25.213{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe\PathC:\Program Files\Mozilla Firefox 13241300x800000000000000016119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localSetValue2020-11-19 13:16:25.213{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe\(Default)C:\Program Files\Mozilla Firefox\firefox.exe 13241300x800000000000000016118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:25.198{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService\PublisherMozilla 11241100x800000000000000016117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:25.182{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exeC:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe2020-11-19 13:16:25.182 13241300x800000000000000016116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1031,T1050SetValue2020-11-19 13:16:25.182{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\ImagePath"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" 13241300x800000000000000016115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1031,T1050SetValue2020-11-19 13:16:25.182{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\StartDWORD (0x00000003) 10341000x800000000000000016114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.166{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-7029-5FB6-0000-001027D12400}5396C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.166{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.166{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.166{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.166{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.166{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-7029-5FB6-0000-001027D12400}5396C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+57f3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+1eeb|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 154100x800000000000000016108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.178{2CC55DE6-7029-5FB6-0000-001027D12400}5396C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe83.0FirefoxMozilla Foundationmaintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" installC:\Program Files (x86)\Mozilla Maintenance Service\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=7407820115AB91D82B39BAC6DEE62E57,SHA256=C12DB94BB3CC18A8C3B955E50BA569729C31060B6BD8A30D5A79C6CBEEB5FCCD,IMPHASH=E4793B8A2E804520C3AE2CFD62D76D97{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe" 10341000x800000000000000016107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.166{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7029-5FB6-0000-001027D12400}5396C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3 10341000x800000000000000016103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000016099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000016098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000016095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000016094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000016093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000016092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000016091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000016090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000016086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3 10341000x800000000000000016083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000016079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000016078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000016075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000016074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000016073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000016072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000016071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 11241100x800000000000000016070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:16:25.135{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exeC:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe2020-11-19 13:16:25.135 10341000x800000000000000016069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.120{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.120{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.120{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.120{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000016065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.120{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1cae0(wow64)|C:\Windows\System32\shcore.dll+1bb4b(wow64)|C:\Windows\System32\windows.storage.dll+1a1adc(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.120{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000016063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.120{2CC55DE6-7029-5FB6-0000-0010BDC82400}67726352C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000016062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.120{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000016061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:25.120{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsn3340.tmp\System.dll2020-11-19 13:16:25.120 10341000x800000000000000016060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.104{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.088{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.088{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\nsExec.dll+149e(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\nsExec.dll+102b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 154100x800000000000000016032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.091{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe83.0Mozilla Maintenance Service InstallerFirefoxMozilla Corporationmaintenanceservice_installer.exe"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=8DB33C02835350F02F231FAE2C749A1D,SHA256=CC47EDD7C6DB46AAB13D08C4ACD9DA160599C6C4A0A8B528FD889B25983F379A,IMPHASH=E2A592076B17EF8BFB48B7E03965A3FC{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\config.ini 10341000x800000000000000016031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.088{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7029-5FB6-0000-0010BDC82400}6772C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000016030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\nsExec.dll2020-11-19 13:16:25.073 13241300x800000000000000016029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKCR\Applications\firefox.exe\shell\open\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%%1" 13241300x800000000000000016028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKLM\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\shell\safemode\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode 13241300x800000000000000016027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKLM\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\shell\properties\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -preferences 13241300x800000000000000016026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKLM\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\shell\open\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" 13241300x800000000000000016025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1122SetValue2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKCR\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec\(Default)(Empty) 13241300x800000000000000016024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKCR\FirefoxURL-308046B0AF4A39CB\shell\open\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%%1" 13241300x800000000000000016023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1122SetValue2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKCR\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec\(Default)(Empty) 13241300x800000000000000016022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:16:25.073{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKCR\FirefoxHTML-308046B0AF4A39CB\shell\open\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%%1" 13241300x800000000000000016021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localSetValue2020-11-19 13:16:25.057{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 83.0 (x64 de)\URLUpdateInfohttps://www.mozilla.org/firefox/83.0/releasenotes 13241300x800000000000000016020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:25.057{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 83.0 (x64 de)\PublisherMozilla 11241100x800000000000000016019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:25.026{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\AccessControl.dll2020-11-19 13:16:25.026 13241300x800000000000000016018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1122SetValue2020-11-19 13:16:25.026{2CC55DE6-7029-5FB6-0000-00107EBE2400}5140C:\Windows\system32\regsvr32.exeHKCR\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32\(Default)C:\Program Files\Mozilla Firefox\AccessibleHandler.dll 10341000x800000000000000016017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.026{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-00107EBE2400}5140C:\Windows\system32\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.026{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7029-5FB6-0000-00107EBE2400}5140C:\Windows\system32\regsvr32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.010{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.010{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.010{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.010{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.010{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-7029-5FB6-0000-00107EBE2400}5140C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.010{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-7029-5FB6-0000-00107EBE2400}5140C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+57f3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+1eeb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 154100x800000000000000016009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.018{2CC55DE6-7029-5FB6-0000-00107EBE2400}5140C:\Windows\System32\regsvr32.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft(C) Register ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationREGSVR32.EXE"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleHandler.dll"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=8CF9086BE38A15E905924B4A45D814D9,SHA256=00A1CF85C6AB96DF38A4023F0CEE4DF60F62280768FC9C06A235E6D2D644169D,IMPHASH=1C8D7F52BBDAEF92EB0104CB6362D5D0{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\config.ini 10341000x800000000000000016008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:25.010{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7029-5FB6-0000-00107EBE2400}5140C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000016007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1122SetValue2020-11-19 13:16:25.010{2CC55DE6-7028-5FB6-0000-0010D1BB2400}6316C:\Windows\system32\regsvr32.exeHKCR\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\(Default)C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll 10341000x800000000000000016006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-7028-5FB6-0000-0010D1BB2400}6316C:\Windows\system32\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7028-5FB6-0000-0010D1BB2400}6316C:\Windows\system32\regsvr32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000015998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000015997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000015996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:24.995{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 534500x800000000000000016474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.620{2CC55DE6-7021-5FB6-0000-001016502400}2088C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\download.exe 10341000x800000000000000016473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.338{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702A-5FB6-0000-0010A4092500}1368C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+8fe9|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.338{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.338{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.338{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.338{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.338{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-702A-5FB6-0000-0010A4092500}13687060C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+a6a5|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.338{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe83.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startupC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792MediumMD5=EC6EFFE90D1EC308D9AFA9D10D45C994,SHA256=CAEA525D11F6DC78E33FAE7DF286CF05ED8FD890964ED9EBDFF6973BC35DF302,IMPHASH=A0E54F8DE4BDDF36D2C9289AE58AD3D8{2CC55DE6-702A-5FB6-0000-0010A4092500}1368C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-702A-5FB6-0000-0010A4092500}13687060C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+8fe9|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-702A-5FB6-0000-0010A4092500}1368C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.323{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-702A-5FB6-0000-0010A4092500}1368C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsrC10.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe+13a8 154100x800000000000000016457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.322{2CC55DE6-702A-5FB6-0000-0010A4092500}1368C:\Program Files\Mozilla Firefox\firefox.exe83.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startupC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=EC6EFFE90D1EC308D9AFA9D10D45C994,SHA256=CAEA525D11F6DC78E33FAE7DF286CF05ED8FD890964ED9EBDFF6973BC35DF302,IMPHASH=A0E54F8DE4BDDF36D2C9289AE58AD3D8{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe.\setup-stub.exe 10341000x800000000000000016456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010A4092500}1368C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.307{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 534500x800000000000000016435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.291{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe 10341000x800000000000000016434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.276{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe+13a8 10341000x800000000000000016430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.276{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15646884C:\Windows\system32\svchost.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.276{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15646884C:\Windows\system32\svchost.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.276{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15646884C:\Windows\system32\svchost.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.276{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15646884C:\Windows\system32\svchost.exe{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000016426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:16:26.245{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsa2E6D.tmp\liteFirewallW.dll2020-11-19 13:16:26.245 12241200x800000000000000016425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDeleteKey2020-11-19 13:16:26.229{2CC55DE6-7027-5FB6-0000-001005592400}6292C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\*\shell\Firefox-308046B0AF4A39CB 10341000x800000000000000016424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+3b7043(wow64)|C:\Windows\System32\SHELL32.dll+475b5e(wow64)|C:\Windows\System32\SHELL32.dll+473f21(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64)|C:\Windows\System32\windows.storage.dll+2a43a1(wow64)|C:\Windows\System32\windows.storage.dll+1e2db8(wow64)|C:\Windows\System32\SHELL32.dll+1378b1(wow64)|C:\Windows\System32\SHELL32.dll+136a00(wow64) 10341000x800000000000000016423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+3b7043(wow64)|C:\Windows\System32\SHELL32.dll+475b5e(wow64)|C:\Windows\System32\SHELL32.dll+473f21(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64)|C:\Windows\System32\windows.storage.dll+2a43a1(wow64)|C:\Windows\System32\windows.storage.dll+1e2db8(wow64)|C:\Windows\System32\SHELL32.dll+1378b1(wow64)|C:\Windows\System32\SHELL32.dll+136a00(wow64) 10341000x800000000000000016422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+3b7043(wow64)|C:\Windows\System32\SHELL32.dll+475b5e(wow64)|C:\Windows\System32\SHELL32.dll+473f21(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64) 10341000x800000000000000016421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+3b7043(wow64)|C:\Windows\System32\SHELL32.dll+475b5e(wow64)|C:\Windows\System32\SHELL32.dll+473f21(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64)|C:\Windows\System32\windows.storage.dll+2a43a1(wow64) 10341000x800000000000000016420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+475b49(wow64)|C:\Windows\System32\SHELL32.dll+473f21(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64)|C:\Windows\System32\windows.storage.dll+2a43a1(wow64)|C:\Windows\System32\windows.storage.dll+1e2db8(wow64)|C:\Windows\System32\SHELL32.dll+1378b1(wow64)|C:\Windows\System32\SHELL32.dll+136a00(wow64)|C:\Windows\System32\SHELL32.dll+176bf1(wow64) 10341000x800000000000000016419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+475b49(wow64)|C:\Windows\System32\SHELL32.dll+473f21(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64)|C:\Windows\System32\windows.storage.dll+2a43a1(wow64)|C:\Windows\System32\windows.storage.dll+1e2db8(wow64)|C:\Windows\System32\SHELL32.dll+1378b1(wow64)|C:\Windows\System32\SHELL32.dll+136a00(wow64)|C:\Windows\System32\SHELL32.dll+176bf1(wow64) 10341000x800000000000000016418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+475b49(wow64)|C:\Windows\System32\SHELL32.dll+473f21(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64)|C:\Windows\System32\windows.storage.dll+2a43a1(wow64) 10341000x800000000000000016417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+475b49(wow64)|C:\Windows\System32\SHELL32.dll+473f21(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64)|C:\Windows\System32\windows.storage.dll+2a43a1(wow64)|C:\Windows\System32\windows.storage.dll+1e2db8(wow64) 10341000x800000000000000016416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Windows\System32\SHELL32.dll+475caa(wow64)|C:\Windows\System32\SHELL32.dll+472a33(wow64)|C:\Windows\System32\SHELL32.dll+473dad(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64) 10341000x800000000000000016415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Windows\System32\SHELL32.dll+475caa(wow64)|C:\Windows\System32\SHELL32.dll+472a33(wow64)|C:\Windows\System32\SHELL32.dll+473dad(wow64)|C:\Windows\System32\SHELL32.dll+4766b9(wow64)|C:\Windows\System32\SHELL32.dll+47338b(wow64) 10341000x800000000000000016414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Windows\System32\SHELL32.dll+475caa(wow64) 10341000x800000000000000016413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Windows\System32\SHELL32.dll+475caa(wow64)|C:\Windows\System32\SHELL32.dll+472a33(wow64) 10341000x800000000000000016412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Windows\System32\SHELL32.dll+475caa(wow64)|C:\Windows\System32\SHELL32.dll+472a33(wow64)|C:\Windows\System32\SHELL32.dll+473dad(wow64) 10341000x800000000000000016411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Windows\System32\SHELL32.dll+475caa(wow64)|C:\Windows\System32\SHELL32.dll+472a33(wow64)|C:\Windows\System32\SHELL32.dll+473dad(wow64) 10341000x800000000000000016410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000016409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.213{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000016408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000016405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000016404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000016403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000016402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64) 10341000x800000000000000016401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64)|C:\Windows\System32\windows.storage.dll+2db5c9(wow64)|C:\Windows\System32\windows.storage.dll+1dc892(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000016400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Windows\System32\SHELL32.dll+475caa(wow64)|C:\Windows\System32\SHELL32.dll+472a33(wow64) 10341000x800000000000000016399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Windows\System32\SHELL32.dll+475caa(wow64)|C:\Windows\System32\SHELL32.dll+472a33(wow64) 10341000x800000000000000016398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000016397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-7027-5FB6-0000-001005592400}62925540C:\Users\ADMINI~1\AppData\Local\Temp\7zS828F2F75\setup.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e09e2(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000016396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.198{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000016374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e09ff(wow64) 10341000x800000000000000016370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+2db7df(wow64) 10341000x800000000000000016366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+4a2d0c(wow64)|C:\Windows\System32\windows.storage.dll+2e48b8(wow64) 10341000x800000000000000016362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64) 10341000x800000000000000016360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64) 10341000x800000000000000016358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64) 10341000x800000000000000016357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:26.088{2CC55DE6-701F-5FB6-0000-0010542D2400}20447164C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64) 10341000x800000000000000016618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.963{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.948{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.948{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.932{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+1063d95|C:\Program Files\Mozilla Firefox\xul.dll+e25212|C:\Program Files\Mozilla Firefox\xul.dll+a12b1a|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.901{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.885{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.885{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.885{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.885{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.869{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.869{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.854{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900876C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+efd77e|C:\Program Files\Mozilla Firefox\xul.dll+10115f4|C:\Program Files\Mozilla Firefox\xul.dll+1150af1|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+3b4cc|C:\Program Files\Mozilla Firefox\xul.dll+39ea2|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.854{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+243c26|C:\Program Files\Mozilla Firefox\xul.dll+4d9e23|C:\Program Files\Mozilla Firefox\xul.dll+4f19cad|UNKNOWN(00000086A41B4CF0) 10341000x800000000000000016592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.854{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+243c26|C:\Program Files\Mozilla Firefox\xul.dll+4d9e23|C:\Program Files\Mozilla Firefox\xul.dll+4f19cad|UNKNOWN(00000086A41B4CF0) 10341000x800000000000000016591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.838{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.838{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f839e8|C:\Program Files\Mozilla Firefox\xul.dll+fccfe0|C:\Program Files\Mozilla Firefox\xul.dll+2b232d4|C:\Program Files\Mozilla Firefox\xul.dll+fa7113|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+a0de9e|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39 10341000x800000000000000016589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.838{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.823{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.823{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.823{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.823{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.823{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69003628C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3d620bb|C:\Program Files\Mozilla Firefox\xul.dll+3d6317d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.823{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}13522552C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.807{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea48|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+2e3b863|C:\Program Files\Mozilla Firefox\xul.dll+2e38b85|C:\Program Files\Mozilla Firefox\xul.dll+2e36d24|C:\Program Files\Mozilla Firefox\xul.dll+2e2da24|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDAA606D)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+2e07f0d 10341000x800000000000000016581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.807{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea21|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+2e3b863|C:\Program Files\Mozilla Firefox\xul.dll+2e38b85|C:\Program Files\Mozilla Firefox\xul.dll+2e36d24|C:\Program Files\Mozilla Firefox\xul.dll+2e2da24|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDAA606D)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+2e07f0d 10341000x800000000000000016580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.807{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dce9f6|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+2e3b863|C:\Program Files\Mozilla Firefox\xul.dll+2e38b85|C:\Program Files\Mozilla Firefox\xul.dll+2e36d24|C:\Program Files\Mozilla Firefox\xul.dll+2e2da24|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA63E8)|UNKNOWN(FFFFE7DBCDAA606D)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+2e07f0d 10341000x800000000000000016579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.807{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f839e8|C:\Program Files\Mozilla Firefox\xul.dll+fccfe0|C:\Program Files\Mozilla Firefox\xul.dll+2b232d4|C:\Program Files\Mozilla Firefox\xul.dll+fa7113|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+a0de9e|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39 10341000x800000000000000016578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff74e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8366|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff73e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8198|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff72e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7fee|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff71e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7e3f|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b15555|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+274f63|C:\Program Files\Mozilla Firefox\xul.dll+4c27d8|C:\Program Files\Mozilla Firefox\xul.dll+1b779b1 10341000x800000000000000016573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b15221|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+274f63|C:\Program Files\Mozilla Firefox\xul.dll+4c27d8 10341000x800000000000000016559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+2b15193|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+274f63|C:\Program Files\Mozilla Firefox\xul.dll+4c27d8|C:\Program Files\Mozilla Firefox\xul.dll+1b779b1|C:\Program Files\Mozilla Firefox\xul.dll+233be8 10341000x800000000000000016558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69005048C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f041ea|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+e47e|C:\Program Files\Mozilla Firefox\xul.dll+edc8a1|C:\Program Files\Mozilla Firefox\xul.dll+e1a5|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+edd581|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69004324C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+4f952|C:\Program Files\Mozilla Firefox\firefox.exe+2cb03|C:\Program Files\Mozilla Firefox\xul.dll+9612bb|C:\Program Files\Mozilla Firefox\xul.dll+efb3ec|C:\Program Files\Mozilla Firefox\xul.dll+ef8bd2|C:\Program Files\Mozilla Firefox\xul.dll+f0549e|C:\Program Files\Mozilla Firefox\xul.dll+a15354|C:\Program Files\Mozilla Firefox\xul.dll+3b173|C:\Program Files\Mozilla Firefox\xul.dll+39f6d|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.799{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe83.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6900.13.229237942\1768910558" -childID 2 -isForBrowser -prefsHandle 2700 -prefMapHandle 2696 -prefsLen 1164 -prefMapSize 228837 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6900 "\\.\pipe\gecko-crash-server-pipe.6900" 2676 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792LowMD5=EC6EFFE90D1EC308D9AFA9D10D45C994,SHA256=CAEA525D11F6DC78E33FAE7DF286CF05ED8FD890964ED9EBDFF6973BC35DF302,IMPHASH=A0E54F8DE4BDDF36D2C9289AE58AD3D8{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.791{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.776{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69003628C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3d620bb|C:\Program Files\Mozilla Firefox\xul.dll+3d6317d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000016545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 10341000x800000000000000016544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000016543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 10341000x800000000000000016542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000016541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000016540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff74e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8366|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff73e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8198|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff72e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7fee|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff71e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7e3f|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b15555|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+274f63|C:\Program Files\Mozilla Firefox\xul.dll+4c27d8|C:\Program Files\Mozilla Firefox\xul.dll+1b779b1 10341000x800000000000000016535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f 10341000x800000000000000016522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b15221|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+274f63|C:\Program Files\Mozilla Firefox\xul.dll+4c27d8 10341000x800000000000000016521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+2b15193|C:\Program Files\Mozilla Firefox\xul.dll+2b14880|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+274f63|C:\Program Files\Mozilla Firefox\xul.dll+4c27d8|C:\Program Files\Mozilla Firefox\xul.dll+1b779b1|C:\Program Files\Mozilla Firefox\xul.dll+233be8 10341000x800000000000000016520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69005048C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f041ea|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+e47e|C:\Program Files\Mozilla Firefox\xul.dll+edc8a1|C:\Program Files\Mozilla Firefox\xul.dll+e1a5|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+edd581|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.745{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.745{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.745{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.745{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.745{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.745{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69004324C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+4f952|C:\Program Files\Mozilla Firefox\firefox.exe+2cb03|C:\Program Files\Mozilla Firefox\xul.dll+9612bb|C:\Program Files\Mozilla Firefox\xul.dll+efb3ec|C:\Program Files\Mozilla Firefox\xul.dll+ef8bd2|C:\Program Files\Mozilla Firefox\xul.dll+f0549e|C:\Program Files\Mozilla Firefox\xul.dll+a15354|C:\Program Files\Mozilla Firefox\xul.dll+3b173|C:\Program Files\Mozilla Firefox\xul.dll+39f6d|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.757{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe83.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6900.6.1246953355\1424454773" -childID 1 -isForBrowser -prefsHandle 2432 -prefMapHandle 1920 -prefsLen 1025 -prefMapSize 228837 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6900 "\\.\pipe\gecko-crash-server-pipe.6900" 2444 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792LowMD5=EC6EFFE90D1EC308D9AFA9D10D45C994,SHA256=CAEA525D11F6DC78E33FAE7DF286CF05ED8FD890964ED9EBDFF6973BC35DF302,IMPHASH=A0E54F8DE4BDDF36D2C9289AE58AD3D8{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.745{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.713{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea48|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2f560a1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000016510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.713{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea21|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2f560a1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000016509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.713{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dce9f6|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2f560a1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000016508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.713{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff6ce1|C:\Program Files\Mozilla Firefox\xul.dll+16a6335|C:\Program Files\Mozilla Firefox\xul.dll+16a755f|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2f560a1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961 10341000x800000000000000016507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.713{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff6ae1|C:\Program Files\Mozilla Firefox\xul.dll+16a60ed|C:\Program Files\Mozilla Firefox\xul.dll+16a7557|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2f560a1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961 10341000x800000000000000016506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.713{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff68e1|C:\Program Files\Mozilla Firefox\xul.dll+16a5e5f|C:\Program Files\Mozilla Firefox\xul.dll+16a754f|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2f560a1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961 10341000x800000000000000016505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.604{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff69e1|C:\Program Files\Mozilla Firefox\xul.dll+16a65a0|C:\Program Files\Mozilla Firefox\xul.dll+16a48e6|C:\Program Files\Mozilla Firefox\xul.dll+e66a44|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39 10341000x800000000000000016504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.510{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.510{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.510{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.510{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69003628C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3d620bb|C:\Program Files\Mozilla Firefox\xul.dll+3d6317d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69005048C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f041ea|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+e47e|C:\Program Files\Mozilla Firefox\xul.dll+edc8a1|C:\Program Files\Mozilla Firefox\xul.dll+e1a5|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+edd581|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69004324C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+ede16e|C:\Program Files\Mozilla Firefox\xul.dll+efb259|C:\Program Files\Mozilla Firefox\xul.dll+ef8bd2|C:\Program Files\Mozilla Firefox\xul.dll+f0549e|C:\Program Files\Mozilla Firefox\xul.dll+a15354|C:\Program Files\Mozilla Firefox\xul.dll+3b173|C:\Program Files\Mozilla Firefox\xul.dll+39f6d|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.498{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe83.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6900.0.1036266548\1686362946" -parentBuildID 20201112153044 -prefsHandle 1800 -prefMapHandle 1864 -prefsLen 1 -prefMapSize 228837 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6900 "\\.\pipe\gecko-crash-server-pipe.6900" 1944 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792MediumMD5=EC6EFFE90D1EC308D9AFA9D10D45C994,SHA256=CAEA525D11F6DC78E33FAE7DF286CF05ED8FD890964ED9EBDFF6973BC35DF302,IMPHASH=A0E54F8DE4BDDF36D2C9289AE58AD3D8{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.494{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.463{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.463{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.463{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.198{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-702B-5FB6-0000-00104E212500}1284C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.198{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-702B-5FB6-0000-00104E212500}1284C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.198{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11364392C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-00104E212500}1284C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.182{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-00104E212500}1284C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.166{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-702B-5FB6-0000-00104E212500}1284C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.166{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-00104E212500}1284C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.166{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.166{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.166{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.120{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.120{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.120{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.932{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.932{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000016708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:16:27.165{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local61845false52.40.50.138ec2-52-40-50-138.us-west-2.compute.amazonaws.com80http 10341000x800000000000000016707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.832{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900876C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+efd77e|C:\Program Files\Mozilla Firefox\xul.dll+10115f4|C:\Program Files\Mozilla Firefox\xul.dll+1150af1|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+3b4cc|C:\Program Files\Mozilla Firefox\xul.dll+39ea2|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.832{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.832{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.828{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.828{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.791{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f839e8|C:\Program Files\Mozilla Firefox\xul.dll+fccfe0|C:\Program Files\Mozilla Firefox\xul.dll+2b232d4|C:\Program Files\Mozilla Firefox\xul.dll+fa7113|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+a0de9e|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39 10341000x800000000000000016701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.776{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.776{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.776{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69003628C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3d620bb|C:\Program Files\Mozilla Firefox\xul.dll+3d6317d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff74e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8366|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff73e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8198|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff72e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7fee|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff71e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7e3f|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b15555|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa 10341000x800000000000000016680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b15221|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da 10341000x800000000000000016679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.760{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+2b15193|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.745{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69005048C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f041ea|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+e47e|C:\Program Files\Mozilla Firefox\xul.dll+edc8a1|C:\Program Files\Mozilla Firefox\xul.dll+e1a5|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+edd581|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.745{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.745{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.745{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.745{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.745{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.745{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69004324C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+4f952|C:\Program Files\Mozilla Firefox\firefox.exe+2cb03|C:\Program Files\Mozilla Firefox\xul.dll+9612bb|C:\Program Files\Mozilla Firefox\xul.dll+efb3ec|C:\Program Files\Mozilla Firefox\xul.dll+ef8bd2|C:\Program Files\Mozilla Firefox\xul.dll+f0549e|C:\Program Files\Mozilla Firefox\xul.dll+a15354|C:\Program Files\Mozilla Firefox\xul.dll+3b173|C:\Program Files\Mozilla Firefox\xul.dll+39f6d|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.753{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe83.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6900.20.313425971\1311205722" -childID 3 -isForBrowser -prefsHandle 3496 -prefMapHandle 3592 -prefsLen 2165 -prefMapSize 228837 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6900 "\\.\pipe\gecko-crash-server-pipe.6900" 3604 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792LowMD5=EC6EFFE90D1EC308D9AFA9D10D45C994,SHA256=CAEA525D11F6DC78E33FAE7DF286CF05ED8FD890964ED9EBDFF6973BC35DF302,IMPHASH=A0E54F8DE4BDDF36D2C9289AE58AD3D8{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.745{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.573{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000016668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.573{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000016667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.573{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000016666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.573{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000016665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.557{2CC55DE6-6BC6-5FB6-0000-001085470800}44202640C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13711|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000016664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.557{2CC55DE6-6BC6-5FB6-0000-001085470800}44202640C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13624|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000016663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.557{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13d1e|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+8635|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+853f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17343|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000016662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.532{2CC55DE6-6BC6-5FB6-0000-001085470800}44202640C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13711|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000016661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.532{2CC55DE6-6BC6-5FB6-0000-001085470800}44202640C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13624|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000016660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.532{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13d1e|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+8635|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+853f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17343|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7 22542200x800000000000000016659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.471{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d2nxq2uap88usk.cloudfront.net02600:9000:214f:8800:a:da5e:7900:93a1;2600:9000:214f:ba00:a:da5e:7900:93a1;2600:9000:214f:c400:a:da5e:7900:93a1;2600:9000:214f:d000:a:da5e:7900:93a1;2600:9000:214f:e00:a:da5e:7900:93a1;2600:9000:214f:1c00:a:da5e:7900:93a1;2600:9000:214f:5a00:a:da5e:7900:93a1;2600:9000:214f:6e00:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.469{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d2nxq2uap88usk.cloudfront.net0143.204.201.62;143.204.201.102;143.204.201.20;143.204.201.58;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000016657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.370{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.370{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b1953d|C:\Program Files\Mozilla Firefox\xul.dll+2afeee2|C:\Program Files\Mozilla Firefox\xul.dll+18f3086|C:\Program Files\Mozilla Firefox\xul.dll+275522|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2fc3698|C:\Program Files\Mozilla Firefox\xul.dll+6268bb|C:\Program Files\Mozilla Firefox\xul.dll+3a9a9c1|C:\Program Files\Mozilla Firefox\xul.dll+62afd2|C:\Program Files\Mozilla Firefox\xul.dll+17d452b|C:\Program Files\Mozilla Firefox\xul.dll+17d69ab|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034 10341000x800000000000000016655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.354{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+14b8149|C:\Program Files\Mozilla Firefox\xul.dll+14b8033|C:\Program Files\Mozilla Firefox\xul.dll+1592e9f|C:\Program Files\Mozilla Firefox\xul.dll+159275c|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+5ede3d|C:\Program Files\Mozilla Firefox\xul.dll+2210bf6|C:\Program Files\Mozilla Firefox\xul.dll+1d10951|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+2b875e|C:\Program Files\Mozilla Firefox\xul.dll+3247d8|C:\Program Files\Mozilla Firefox\xul.dll+327d4c 10341000x800000000000000016654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.354{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+161979e|C:\Program Files\Mozilla Firefox\xul.dll+14553aa|C:\Program Files\Mozilla Firefox\xul.dll+1454c9b|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+1444f56|C:\Program Files\Mozilla Firefox\xul.dll+1593c2d|C:\Program Files\Mozilla Firefox\xul.dll+2202be0|C:\Program Files\Mozilla Firefox\xul.dll+2202654|C:\Program Files\Mozilla Firefox\xul.dll+22108bd|C:\Program Files\Mozilla Firefox\xul.dll+1d10951|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+2b875e 10341000x800000000000000016653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.354{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+1444f56|C:\Program Files\Mozilla Firefox\xul.dll+1593c2d|C:\Program Files\Mozilla Firefox\xul.dll+2202be0|C:\Program Files\Mozilla Firefox\xul.dll+2202654|C:\Program Files\Mozilla Firefox\xul.dll+22108bd|C:\Program Files\Mozilla Firefox\xul.dll+1d10951|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+2b875e 10341000x800000000000000016652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.230{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.229{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 534500x800000000000000016649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-701E-5FB6-0000-00107F282400}1932C:\Users\Administrator\Downloads\Firefox Installer.exe 10341000x800000000000000016648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 534500x800000000000000016642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-701F-5FB6-0000-0010542D2400}2044C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8724C45\setup-stub.exe 10341000x800000000000000016641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.130{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.130{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.129{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.129{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.126{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.126{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.124{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.124{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.121{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.121{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f839e8|C:\Program Files\Mozilla Firefox\xul.dll+fa0402|C:\Program Files\Mozilla Firefox\xul.dll+2b345fd|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9|C:\Program Files\Mozilla Firefox\xul.dll+3d80591 10341000x800000000000000016621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.057{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900876C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+efd77e|C:\Program Files\Mozilla Firefox\xul.dll+10115f4|C:\Program Files\Mozilla Firefox\xul.dll+1150af1|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+3b4cc|C:\Program Files\Mozilla Firefox\xul.dll+39f6d|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.032{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.032{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13df0|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+a1f421|C:\Program Files\Mozilla Firefox\xul.dll+5171ae2|C:\Program Files\Mozilla Firefox\xul.dll+11f7284|C:\Program Files\Mozilla Firefox\xul.dll+11f9034|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3|C:\Program Files\Mozilla Firefox\xul.dll+11f3a76|C:\Program Files\Mozilla Firefox\xul.dll+19d8fa|C:\Program Files\Mozilla Firefox\xul.dll+5171b39|C:\Program Files\Mozilla Firefox\xul.dll+3c256da|C:\Program Files\Mozilla Firefox\xul.dll+3c25da9 10341000x800000000000000016763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.979{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.979{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.979{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.919{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.919{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.919{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.901{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.901{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.901{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.854{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.854{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.854{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.776{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69002940C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.732{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69002940C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.732{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea48|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2fc4c2a|C:\Program Files\Mozilla Firefox\xul.dll+3a6b5e1|C:\Program Files\Mozilla Firefox\xul.dll+3a6b168|C:\Program Files\Mozilla Firefox\xul.dll+127e16c|C:\Program Files\Mozilla Firefox\xul.dll+127d9d2|C:\Program Files\Mozilla Firefox\xul.dll+127cd01 10341000x800000000000000016747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea21|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2fc4c2a|C:\Program Files\Mozilla Firefox\xul.dll+3a6b5e1|C:\Program Files\Mozilla Firefox\xul.dll+3a6b168|C:\Program Files\Mozilla Firefox\xul.dll+127e16c|C:\Program Files\Mozilla Firefox\xul.dll+127d9d2|C:\Program Files\Mozilla Firefox\xul.dll+127cd01 10341000x800000000000000016746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dce9f6|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2f77388|C:\Program Files\Mozilla Firefox\xul.dll+2f79b3b|C:\Program Files\Mozilla Firefox\xul.dll+2ca059|C:\Program Files\Mozilla Firefox\xul.dll+2fc4c2a|C:\Program Files\Mozilla Firefox\xul.dll+3a6b5e1|C:\Program Files\Mozilla Firefox\xul.dll+3a6b168|C:\Program Files\Mozilla Firefox\xul.dll+127e16c|C:\Program Files\Mozilla Firefox\xul.dll+127d9d2|C:\Program Files\Mozilla Firefox\xul.dll+127cd01 10341000x800000000000000016745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1 10341000x800000000000000016744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48 22542200x800000000000000016743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.652{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900cs9.wac.phicdn.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.648{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900cs9.wac.phicdn.net093.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.639{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900prod-classifyclient.normandy.prod.cloudops.mozgcp.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:27.637{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900prod-classifyclient.normandy.prod.cloudops.mozgcp.net034.98.75.36;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000016739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.401{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000016738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.401{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000016737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.354{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000016736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.354{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000016735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.307{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b126f4|C:\Program Files\Mozilla Firefox\xul.dll+2b14826|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c7ec3|C:\Program Files\Mozilla Firefox\xul.dll+18f74be|C:\Program Files\Mozilla Firefox\xul.dll+20a26d8|C:\Program Files\Mozilla Firefox\xul.dll+23fe9e|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+19b024|C:\Program Files\Mozilla Firefox\xul.dll+109633 10341000x800000000000000016734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+1972ee|UNKNOWN(00000086A41B2014) 10341000x800000000000000016725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+3e479c1|C:\Program Files\Mozilla Firefox\xul.dll+3e5b395|C:\Program Files\Mozilla Firefox\xul.dll+3e5b5ae|C:\Program Files\Mozilla Firefox\xul.dll+3e5b504|C:\Program Files\Mozilla Firefox\xul.dll+11b155a|C:\Program Files\Mozilla Firefox\xul.dll+13e643|C:\Program Files\Mozilla Firefox\xul.dll+17f5525|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+19b024|C:\Program Files\Mozilla Firefox\xul.dll+1a1beb|C:\Program Files\Mozilla Firefox\xul.dll+3e3ab77|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3 10341000x800000000000000016724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+3e479c1|C:\Program Files\Mozilla Firefox\xul.dll+3e5b395|C:\Program Files\Mozilla Firefox\xul.dll+3e5b5ae|C:\Program Files\Mozilla Firefox\xul.dll+3e5b504|C:\Program Files\Mozilla Firefox\xul.dll+11b155a|C:\Program Files\Mozilla Firefox\xul.dll+13e643|C:\Program Files\Mozilla Firefox\xul.dll+17f5525|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+19b024|C:\Program Files\Mozilla Firefox\xul.dll+1a1beb|C:\Program Files\Mozilla Firefox\xul.dll+3e3ab77|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3 10341000x800000000000000016723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.291{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+3e479c1|C:\Program Files\Mozilla Firefox\xul.dll+3e5b395|C:\Program Files\Mozilla Firefox\xul.dll+3e5b5ae|C:\Program Files\Mozilla Firefox\xul.dll+3e5b504|C:\Program Files\Mozilla Firefox\xul.dll+11b155a|C:\Program Files\Mozilla Firefox\xul.dll+13e643|C:\Program Files\Mozilla Firefox\xul.dll+17f5525|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+19b024|C:\Program Files\Mozilla Firefox\xul.dll+1a1beb|C:\Program Files\Mozilla Firefox\xul.dll+3e3ab77|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+19dcd3 10341000x800000000000000016722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.245{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2d57d37|C:\Program Files\Mozilla Firefox\xul.dll+2d57c59|C:\Program Files\Mozilla Firefox\xul.dll+2e3ba22|C:\Program Files\Mozilla Firefox\xul.dll+2e38b85|C:\Program Files\Mozilla Firefox\xul.dll+2e36d24|C:\Program Files\Mozilla Firefox\xul.dll+2e2da24 10341000x800000000000000016721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.232{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000016720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.232{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.229{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.213{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926020C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.213{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.213{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.166{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.121{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b3e04d|C:\Program Files\Mozilla Firefox\xul.dll+2b12944|C:\Program Files\Mozilla Firefox\xul.dll+2b14826|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c7ec3|C:\Program Files\Mozilla Firefox\xul.dll+18f74be|C:\Program Files\Mozilla Firefox\xul.dll+20a26d8|C:\Program Files\Mozilla Firefox\xul.dll+23fe9e|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+19b024 10341000x800000000000000016713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea48|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c7ec3|C:\Program Files\Mozilla Firefox\xul.dll+18f74be 10341000x800000000000000016712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea21|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c7ec3|C:\Program Files\Mozilla Firefox\xul.dll+18f74be 10341000x800000000000000016711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dce9f6|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c7ec3|C:\Program Files\Mozilla Firefox\xul.dll+18f74be 10341000x800000000000000016848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.682{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.651{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.651{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.651{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.651{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000016840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.743{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900a771.dscq.akamai.net02a02:26f0:eb::214:bdb3;2a02:26f0:eb::214:bd5a;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.740{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900a771.dscq.akamai.net0184.24.77.58;184.24.77.48;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.448{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900firefox.com9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.444{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900firefox.com044.236.72.93;44.235.246.155;44.236.48.31;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.443{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900firefox.com0::ffff:44.236.48.31;::ffff:44.236.72.93;::ffff:44.235.246.155;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.328{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900accounts.firefox.com9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.326{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900accounts.firefox.com052.40.168.255;34.210.168.158;35.155.76.53;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.325{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900accounts.firefox.com0::ffff:35.155.76.53;::ffff:52.40.168.255;::ffff:34.210.168.158;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.281{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900proxyserverecs-1736642167.us-east-1.elb.amazonaws.com9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.274{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900prod.pocket.prod.cloudops.mozgcp.net02600:1901:0:524c::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.271{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900proxyserverecs-1736642167.us-east-1.elb.amazonaws.com052.45.6.240;52.202.154.119;54.221.57.17;3.211.216.81;3.215.209.232;18.208.93.32;35.169.67.87;50.16.145.165;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.271{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900prod.pocket.prod.cloudops.mozgcp.net034.120.5.221;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.270{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900spocs.getpocket.com0type: 5 proxyserverecs-1736642167.us-east-1.elb.amazonaws.com;::ffff:50.16.145.165;::ffff:52.45.6.240;::ffff:52.202.154.119;::ffff:54.221.57.17;::ffff:3.211.216.81;::ffff:3.215.209.232;::ffff:18.208.93.32;::ffff:35.169.67.87;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.262{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.261{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com052.32.14.183;52.35.83.137;52.89.213.25;52.89.230.205;54.191.136.131;54.201.107.8;34.210.106.102;52.10.162.146;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.908{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.mozilla.org.cdn.cloudflare.net02606:4700::6812:a422;2606:4700::6812:a522;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.906{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.mozilla.org.cdn.cloudflare.net0104.18.165.34;104.18.164.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.905{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900example.org0::ffff:93.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.905{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900example.org093.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.874{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900prod.detectportal.prod.cloudops.mozgcp.net02600:1901:0:38d7::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.872{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900prod.detectportal.prod.cloudops.mozgcp.net034.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:28.871{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900detectportal.firefox.com0type: 5 detectportal.prod.mozaws.net;type: 5 prod.detectportal.prod.cloudops.mozgcp.net;::ffff:34.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000016818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.307{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.198{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13abf|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.198{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13abf|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.198{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13abf|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.198{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13abf|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.182{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900876C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+efd77e|C:\Program Files\Mozilla Firefox\xul.dll+10115f4|C:\Program Files\Mozilla Firefox\xul.dll+1150af1|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+3b4cc|C:\Program Files\Mozilla Firefox\xul.dll+39f6d|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.166{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.166{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.166{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.166{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.132{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f839e8|C:\Program Files\Mozilla Firefox\xul.dll+fccfe0|C:\Program Files\Mozilla Firefox\xul.dll+2b232d4|C:\Program Files\Mozilla Firefox\xul.dll+fa7113|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+a0de9e|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458 10341000x800000000000000016807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.128{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.127{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.124{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69003628C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3d620bb|C:\Program Files\Mozilla Firefox\xul.dll+3d6317d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff74e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8366|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff73e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8198|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff72e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7fee|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff71e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7e3f|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b15555|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000016786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b15221|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000016785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+2b15193|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69005048C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f041ea|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+e47e|C:\Program Files\Mozilla Firefox\xul.dll+edc8a1|C:\Program Files\Mozilla Firefox\xul.dll+e1a5|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+edd581|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69004324C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+4f952|C:\Program Files\Mozilla Firefox\firefox.exe+2cb03|C:\Program Files\Mozilla Firefox\xul.dll+9612bb|C:\Program Files\Mozilla Firefox\xul.dll+efb3ec|C:\Program Files\Mozilla Firefox\xul.dll+ef8bd2|C:\Program Files\Mozilla Firefox\xul.dll+f0549e|C:\Program Files\Mozilla Firefox\xul.dll+a15354|C:\Program Files\Mozilla Firefox\xul.dll+3b173|C:\Program Files\Mozilla Firefox\xul.dll+39f6d|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.092{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe83.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6900.27.975388846\2077777644" -childID 4 -isForBrowser -prefsHandle 3920 -prefMapHandle 3904 -prefsLen 11095 -prefMapSize 228837 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6900 "\\.\pipe\gecko-crash-server-pipe.6900" 1660 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792LowMD5=EC6EFFE90D1EC308D9AFA9D10D45C994,SHA256=CAEA525D11F6DC78E33FAE7DF286CF05ED8FD890964ED9EBDFF6973BC35DF302,IMPHASH=A0E54F8DE4BDDF36D2C9289AE58AD3D8{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.088{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.057{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.057{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.057{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.032{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.032{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.032{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.030{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.030{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.030{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.994{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.994{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.994{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b413cb|C:\Program Files\Mozilla Firefox\xul.dll+1b3fbb7|C:\Program Files\Mozilla Firefox\xul.dll+233be8|UNKNOWN(00000086A4215E7C) 10341000x800000000000000016897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.967{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.965{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.961{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.957{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.957{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.946{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.943{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.940{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.939{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000016888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.035{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d1zkz3k4cclnv6.cloudfront.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.033{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d1zkz3k4cclnv6.cloudfront.net0143.204.201.3;143.204.201.113;143.204.201.123;143.204.201.2;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.951{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900dzlgdtxcws9pb.cloudfront.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.940{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900dzlgdtxcws9pb.cloudfront.net0143.204.93.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.939{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.firefox.com0type: 5 fxc-prod.moz.works;type: 5 dzlgdtxcws9pb.cloudfront.net;::ffff:143.204.93.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.785{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d228z91au11ukj.cloudfront.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:29.783{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d228z91au11ukj.cloudfront.net0143.204.90.8;143.204.90.51;143.204.90.82;143.204.90.110;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000016881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.406{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-702F-5FB6-0000-0010D6B42500}2580C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.406{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-702F-5FB6-0000-0010D6B42500}2580C:\Windows\system32\rundll32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.404{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-702F-5FB6-0000-001075B42500}6804C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.404{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-702F-5FB6-0000-001075B42500}6804C:\Windows\system32\rundll32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.403{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.403{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\system32\rundll32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.393{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-702F-5FB6-0000-0010D6B42500}2580C:\Windows\system32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.393{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702F-5FB6-0000-0010D6B42500}2580C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.393{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\system32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.393{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11363068C:\Windows\system32\svchost.exe{2CC55DE6-702F-5FB6-0000-001075B42500}6804C:\Windows\system32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.393{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.393{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-702F-5FB6-0000-001075B42500}6804C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.380{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.380{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.380{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.380{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.379{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-702F-5FB6-0000-0010D6B42500}2580C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.379{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-702F-5FB6-0000-0010D6B42500}2580C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\iertutil.dll+26f1c|C:\Windows\SYSTEM32\iertutil.dll+27ff3|C:\Windows\SYSTEM32\iertutil.dll+27d62|C:\Windows\SYSTEM32\IEFRAME.dll+457d27|C:\Windows\SYSTEM32\IEFRAME.dll+457ade|C:\Windows\SYSTEM32\IEFRAME.dll+1b282c|C:\Windows\SYSTEM32\IEFRAME.dll+2e910|C:\Windows\SYSTEM32\IEFRAME.dll+2a83a6|C:\Windows\SYSTEM32\IEFRAME.dll+152634|C:\Windows\SYSTEM32\IEFRAME.dll+ccc61|C:\Windows\SYSTEM32\IEFRAME.dll+1526bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.379{2CC55DE6-702F-5FB6-0000-0010D6B42500}2580C:\Windows\System32\rundll32.exe10.0.14393.0 (rs1_release.160715-1616)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=C7645D43451C6D94D87F4D07BDE59C89,SHA256=495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 10341000x800000000000000016862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.378{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.378{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.378{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.378{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.378{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-702F-5FB6-0000-001075B42500}6804C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.377{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-702F-5FB6-0000-001075B42500}6804C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\iertutil.dll+26f1c|C:\Windows\SYSTEM32\iertutil.dll+27ff3|C:\Windows\SYSTEM32\iertutil.dll+27d62|C:\Windows\SYSTEM32\IEFRAME.dll+457d27|C:\Windows\SYSTEM32\IEFRAME.dll+457ac2|C:\Windows\SYSTEM32\IEFRAME.dll+1b282c|C:\Windows\SYSTEM32\IEFRAME.dll+2e910|C:\Windows\SYSTEM32\IEFRAME.dll+2a83a6|C:\Windows\SYSTEM32\IEFRAME.dll+152634|C:\Windows\SYSTEM32\IEFRAME.dll+ccc61|C:\Windows\SYSTEM32\IEFRAME.dll+1526bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.377{2CC55DE6-702F-5FB6-0000-001075B42500}6804C:\Windows\System32\rundll32.exe10.0.14393.0 (rs1_release.160715-1616)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792MediumMD5=C7645D43451C6D94D87F4D07BDE59C89,SHA256=495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 10341000x800000000000000016855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.376{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.376{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.376{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.376{2CC55DE6-6FD0-5FB6-0000-001063721F00}50446816C:\Program Files\Internet Explorer\iexplore.exe{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\iertutil.dll+26f1c|C:\Windows\SYSTEM32\iertutil.dll+27ff3|C:\Windows\SYSTEM32\iertutil.dll+27d62|C:\Windows\SYSTEM32\IEFRAME.dll+457d27|C:\Windows\SYSTEM32\IEFRAME.dll+457aa2|C:\Windows\SYSTEM32\IEFRAME.dll+1b282c|C:\Windows\SYSTEM32\IEFRAME.dll+2e910|C:\Windows\SYSTEM32\IEFRAME.dll+2a83a6|C:\Windows\SYSTEM32\IEFRAME.dll+152634|C:\Windows\SYSTEM32\IEFRAME.dll+ccc61|C:\Windows\SYSTEM32\IEFRAME.dll+1526bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.375{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.375{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:31.375{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\System32\rundll32.exe10.0.14393.0 (rs1_release.160715-1616)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8388616 WinX:0 WinY:0 IEFrame:0000000000000000C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792LowMD5=C7645D43451C6D94D87F4D07BDE59C89,SHA256=495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{2CC55DE6-6FD0-5FB6-0000-001063721F00}5044C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 22542200x800000000000000016904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.247{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900img-prod.pocket.prod.cloudops.mozgcp.net02600:1901:0:e988::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:30.233{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900img-prod.pocket.prod.cloudops.mozgcp.net034.120.237.76;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000016902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.505{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\system32\rundll32.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000016901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.505{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-702F-5FB6-0000-00100DB42500}1428C:\Windows\system32\rundll32.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.444{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b44437|C:\Program Files\Mozilla Firefox\xul.dll+a188c6|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.438{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b1953d|C:\Program Files\Mozilla Firefox\xul.dll+2afeee2|C:\Program Files\Mozilla Firefox\xul.dll+18f3086|C:\Program Files\Mozilla Firefox\xul.dll+275522|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+274f63|C:\Program Files\Mozilla Firefox\xul.dll+559acf|C:\Program Files\Mozilla Firefox\xul.dll+18fe84b|C:\Program Files\Mozilla Firefox\xul.dll+20368e4|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e29b28|C:\Program Files\Mozilla Firefox\xul.dll+107123|C:\Program Files\Mozilla Firefox\xul.dll+2b875e|C:\Program Files\Mozilla Firefox\xul.dll+2b5466|C:\Program Files\Mozilla Firefox\xul.dll+23fb9c7|C:\Program Files\Mozilla Firefox\xul.dll+23f76bf|C:\Program Files\Mozilla Firefox\xul.dll+20d8a0 10341000x800000000000000016898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.009{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000016937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.128{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900simplisafe.com9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.127{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900simplisafe.com013.224.198.49;13.224.198.86;13.224.198.106;13.224.198.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.126{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900simplisafe.com0::ffff:13.224.198.16;::ffff:13.224.198.49;::ffff:13.224.198.86;::ffff:13.224.198.106;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.117{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900g2.shared.global.fastly.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.116{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.comparecards.com.cdn.cloudflare.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.114{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.businessinsider.de02606:4700:10::6816:439a;2606:4700:10::ac43:1d74;2606:4700:10::6816:429a;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.114{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.comparecards.com.cdn.cloudflare.net0104.19.179.13;104.19.178.13;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.113{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.comparecards.com0type: 5 www.comparecards.com.cdn.cloudflare.net;::ffff:104.19.178.13;::ffff:104.19.179.13;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.113{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900g2.shared.global.fastly.net0151.101.14.49;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.113{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.zeit.de0type: 5 g2.shared.global.fastly.net;::ffff:151.101.14.49;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.112{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.businessinsider.de0104.22.67.154;172.67.29.116;104.22.66.154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.111{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.businessinsider.de0::ffff:104.22.66.154;::ffff:104.22.67.154;::ffff:172.67.29.116;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.110{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d21lj84g4rjzla.cloudfront.net02600:9000:214f:2600:1e:b6b1:7b80:93a1;2600:9000:214f:3e00:1e:b6b1:7b80:93a1;2600:9000:214f:5c00:1e:b6b1:7b80:93a1;2600:9000:214f:7800:1e:b6b1:7b80:93a1;2600:9000:214f:9200:1e:b6b1:7b80:93a1;2600:9000:214f:9400:1e:b6b1:7b80:93a1;2600:9000:214f:c000:1e:b6b1:7b80:93a1;2600:9000:214f:1400:1e:b6b1:7b80:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.109{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900getpocket.com9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.108{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d21lj84g4rjzla.cloudfront.net0143.204.201.20;143.204.201.32;143.204.201.38;143.204.201.42;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.107{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.sueddeutsche.de0type: 5 d21lj84g4rjzla.cloudfront.net;::ffff:143.204.201.42;::ffff:143.204.201.20;::ffff:143.204.201.32;::ffff:143.204.201.38;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.105{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900getpocket.com054.162.142.192;54.209.230.187;50.17.128.11;52.54.152.216;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900getpocket.com0::ffff:52.54.152.216;::ffff:54.162.142.192;::ffff:54.209.230.187;::ffff:50.17.128.11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.104{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900reddit.map.fastly.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.103{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900dyna.wikimedia.org02620:0:862:ed1a::1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.102{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900reddit.map.fastly.net0199.232.53.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.102{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.reddit.com0type: 5 reddit.map.fastly.net;::ffff:199.232.53.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.101{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900dyna.wikimedia.org091.198.174.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.101{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900e11847.g.akamaiedge.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.101{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.wikipedia.org0type: 5 dyna.wikimedia.org;::ffff:91.198.174.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.098{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900youtube-ui.l.google.com02a00:1450:4001:81a::200e;2a00:1450:4001:81b::200e;2a00:1450:4001:821::200e;2a00:1450:4001:800::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.098{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900e11847.g.akamaiedge.net023.210.254.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.098{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900star-mini.c10r.facebook.com02a03:2880:f11c:8183:face:b00c:0:25de;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.097{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.ebay.de0type: 5 slot11847.ebay.com.edgekey.net;type: 5 e11847.g.akamaiedge.net;::ffff:23.210.254.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.096{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900youtube-ui.l.google.com0172.217.16.142;172.217.16.174;172.217.18.14;172.217.18.110;172.217.21.238;172.217.22.14;172.217.22.46;172.217.22.110;172.217.23.110;172.217.23.142;216.58.206.14;216.58.207.46;216.58.207.78;216.58.212.142;216.58.212.174;142.250.74.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.096{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900star-mini.c10r.facebook.com0157.240.20.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.095{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.youtube.com0type: 5 youtube-ui.l.google.com;::ffff:142.250.74.206;::ffff:172.217.16.142;::ffff:172.217.16.174;::ffff:172.217.18.14;::ffff:172.217.18.110;::ffff:172.217.21.238;::ffff:172.217.22.14;::ffff:172.217.22.46;::ffff:172.217.22.110;::ffff:172.217.23.110;::ffff:172.217.23.142;::ffff:216.58.206.14;::ffff:216.58.207.46;::ffff:216.58.207.78;::ffff:216.58.212.142;::ffff:216.58.212.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:32.095{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.facebook.com0type: 5 star-mini.c10r.facebook.com;::ffff:157.240.20.35;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000016942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:36.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:36.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:36.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:36.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:36.088{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC8-5FB6-0000-0010D5C40800}2276C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC8-5FB6-0000-0010D5C40800}2276C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:38.557{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000016980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:39.161{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.heise.de02a02:2e0:3fe:1001:7777:772e:2:85;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:39.161{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.handelsblatt.com02606:4700::6813:d582;2606:4700::6813:d482;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:39.159{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.handelsblatt.com0104.19.213.130;104.19.212.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:39.159{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.heise.de0193.99.144.85;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:39.159{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.handelsblatt.com0::ffff:104.19.212.130;::ffff:104.19.213.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:39.159{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.heise.de0::ffff:193.99.144.85;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:41.214{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900e11619.dsce6.akamaiedge.net02a02:26f0:3100:196::2d63;2a02:26f0:3100:1b7::2d63;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:41.210{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900e11619.dsce6.akamaiedge.net023.14.244.234;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:41.210{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.dw.com0type: 5 www.dw.com.edgekey.net;type: 5 e11619.dsce6.akamaiedge.net;::ffff:23.14.244.234;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:41.208{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69001e9.community9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:41.206{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69001e9.community0161.35.207.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:41.206{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69001e9.community0::ffff:161.35.207.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:43.226{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900lps.innogames.com02a00:1f78:fffd::d430:6225;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:43.224{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900lps.innogames.com0212.48.98.37;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:43.224{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900om.forgeofempires.com0type: 5 lps.innogames.com;::ffff:212.48.98.37;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:45.664{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900e12746.g.akamaiedge.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:45.662{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900e12746.g.akamaiedge.net0104.79.89.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:45.662{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.faz.net0type: 5 www.faz.net.edgekey.net;type: 5 e12746.g.akamaiedge.net;::ffff:104.79.89.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:45.661{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900orf.at02a01:468:1000:9::3;2a01:468:1000:9::4;2a01:468:1000:9::149;2a01:468:1000:9::150;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:45.659{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900orf.at0194.232.104.139;194.232.104.140;194.232.104.141;194.232.104.142;194.232.104.149;194.232.104.150;194.232.104.3;194.232.104.4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:45.658{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900orf.at0::ffff:194.232.104.4;::ffff:194.232.104.139;::ffff:194.232.104.140;::ffff:194.232.104.141;::ffff:194.232.104.142;::ffff:194.232.104.149;::ffff:194.232.104.150;::ffff:194.232.104.3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:47.693{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.tagesspiegel.de02606:4700::6813:ff03;2606:4700::6813:9004;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:47.692{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.berliner-zeitung.de02606:4700:10::ac43:24b2;2606:4700:10::6816:2c81;2606:4700:10::6816:2d81;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:47.691{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.tagesspiegel.de0104.19.144.4;104.19.255.3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:47.691{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.tagesspiegel.de0::ffff:104.19.255.3;::ffff:104.19.144.4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:47.691{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.berliner-zeitung.de0172.67.36.178;104.22.44.129;104.22.45.129;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000016996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:47.690{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.berliner-zeitung.de0::ffff:104.22.45.129;::ffff:172.67.36.178;::ffff:104.22.44.129;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:49.724{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900aacfb9d106f4.link11.de9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:49.723{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900aacfb9d106f4.link11.de0128.65.210.181;128.65.210.182;128.65.210.184;128.65.210.185;128.65.211.185;128.65.211.186;128.65.211.187;128.65.210.180;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:49.722{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.spiegel.de0type: 5 aacfb9d106f4.link11.de;::ffff:128.65.210.180;::ffff:128.65.210.181;::ffff:128.65.210.182;::ffff:128.65.210.184;::ffff:128.65.210.185;::ffff:128.65.211.185;::ffff:128.65.211.186;::ffff:128.65.211.187;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:51.753{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900e12746.g.akamaiedge.net023.210.254.124;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:51.753{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900correctiv.org0144.76.40.253;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:51.753{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.faz.net0type: 5 www.faz.net.edgekey.net;type: 5 e12746.g.akamaiedge.net;::ffff:23.210.254.124;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:51.752{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900correctiv.org0::ffff:144.76.40.253;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:51.755{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900correctiv.org9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:54.209{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900unbouncepages.com9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:54.207{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900unbouncepages.com054.93.101.66;18.196.95.178;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:54.206{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900go.helixsleep.com0type: 5 unbouncepages.com;::ffff:18.196.95.178;::ffff:54.93.101.66;C:\Program Files\Mozilla Firefox\firefox.exe 13241300x800000000000000017038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:57.947{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\00003312f700c3d03614c2c9f93e32df9af300000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 10341000x800000000000000017037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.900{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7049-5FB6-0000-00109F3E2600}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.900{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.900{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.900{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.900{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.900{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-7049-5FB6-0000-00109F3E2600}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.900{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7049-5FB6-0000-00109F3E2600}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.902{2CC55DE6-7049-5FB6-0000-00109F3E2600}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000017029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:57.666{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\00004ee7114ba1c474f7bbd42f8c9f930b0700000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 13241300x800000000000000017028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:57.603{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\000068583dc536ea8c3daf81bdbdf12127d400000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 13241300x800000000000000017027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:57.528{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\000070aa163b48d93a6fb1c459f613fcd65f00000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 13241300x800000000000000017026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:57.400{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\000027bb02f51e48dc3e0db3390b300af68d00000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 10341000x800000000000000017025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.232{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.197{2CC55DE6-6AC0-5FB6-0000-001053530000}852920C:\Windows\system32\services.exe{2CC55DE6-7011-5FB6-0000-0010A8B82300}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\services.exe+18ff|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.197{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-7011-5FB6-0000-0010A8B82300}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.197{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-7011-5FB6-0000-0010A8B82300}7016C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.197{2CC55DE6-6AC0-5FB6-0000-001053530000}8522572C:\Windows\system32\services.exe{2CC55DE6-7011-5FB6-0000-0010A8B82300}7016C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+12939|C:\Windows\system32\services.exe+66f4|C:\Windows\system32\services.exe+5154|C:\Windows\system32\services.exe+d608|C:\Windows\system32\services.exe+4c6c|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.197{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.182{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.182{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.182{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.103{2CC55DE6-7049-5FB6-0000-001099252600}39726584C:\Windows\system32\conhost.exe{2CC55DE6-7010-5FB6-0000-001001B32300}6576C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.103{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-7049-5FB6-0000-001099252600}3972C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.103{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-7010-5FB6-0000-001001B32300}6576C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:57.103{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041384C:\Windows\System32\svchost.exe{2CC55DE6-7010-5FB6-0000-001001B32300}6576C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\pcasvc.dll+43591|c:\windows\system32\pcasvc.dll+22bed|C:\Windows\SYSTEM32\ntdll.dll+7d87d|C:\Windows\SYSTEM32\ntdll.dll+3a979|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000017254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.869{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\amazonssmagentse|2271a36d09a9c5b9\BinProductVersion2.3.1644.0 13241300x800000000000000017253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.869{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\amazonssmagentse|2271a36d09a9c5b9\LinkDate05/01/2017 14:33:52 13241300x800000000000000017252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.869{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\amazonssmagentse|2271a36d09a9c5b9\Publisheramazon web services 13241300x800000000000000017251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.869{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\amazonssmagentse|2271a36d09a9c5b9\LowerCaseLongPathc:\programdata\package cache\{33439d9e-7a5e-4992-8b96-e4289258e675}\amazonssmagentsetup.exe 13241300x800000000000000017250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.869{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\0000f6abc041d85c3409b14c747273beb3760000ffff\PublisherAmazon Web Services 13241300x800000000000000017249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\srm.exe|928901d4ccf4225c\BinProductVersion(Empty) 13241300x800000000000000017248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\srm.exe|928901d4ccf4225c\LinkDate01/10/2020 01:30:07 13241300x800000000000000017247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\srm.exe|928901d4ccf4225c\Publisher(Empty) 13241300x800000000000000017246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\srm.exe|928901d4ccf4225c\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\srm.exe 13241300x800000000000000017245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\BinProductVersion10.0.10011.16384 13241300x800000000000000017244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\LinkDate10/02/2019 17:37:14 13241300x800000000000000017243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\Publisherwindows (r) win 7 ddk provider 13241300x800000000000000017242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkmonitornohandledrv.sys 13241300x800000000000000017241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\BinProductVersion10.0.10011.16384 13241300x800000000000000017240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LinkDate10/02/2019 17:37:08 13241300x800000000000000017239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\Publisherwindows (r) win 7 ddk provider 13241300x800000000000000017238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkdrv.sys 13241300x800000000000000017237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\BinProductVersion2048.512.24125.32311 13241300x800000000000000017236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\LinkDate02/07/2020 15:26:19 13241300x800000000000000017235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\Publishersplunk inc. 13241300x800000000000000017234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkd.exe 13241300x800000000000000017233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\BinProductVersion2048.512.24125.32311 13241300x800000000000000017232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\LinkDate02/07/2020 15:13:21 13241300x800000000000000017231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\Publishersplunk inc. 13241300x800000000000000017230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk.exe 13241300x800000000000000017229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\BinProductVersion2048.512.24125.32311 13241300x800000000000000017228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\LinkDate02/07/2020 15:24:43 13241300x800000000000000017227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\Publishersplunk inc. 13241300x800000000000000017226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-wmi.exe 13241300x800000000000000017225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\BinProductVersion2048.512.24125.32311 13241300x800000000000000017224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\LinkDate02/07/2020 15:19:24 13241300x800000000000000017223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\Publishersplunk inc. 13241300x800000000000000017222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-winprintmon.exe 13241300x800000000000000017221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\BinProductVersion2048.512.24125.32311 13241300x800000000000000017220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\LinkDate02/07/2020 15:19:16 13241300x800000000000000017219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\Publishersplunk inc. 13241300x800000000000000017218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-winhostinfo.exe 13241300x800000000000000017217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winevtlog|d8125e0c86684fca\BinProductVersion2048.512.24125.32311 13241300x800000000000000017216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winevtlog|d8125e0c86684fca\LinkDate02/07/2020 15:18:57 13241300x800000000000000017215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winevtlog|d8125e0c86684fca\Publishersplunk inc. 13241300x800000000000000017214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-winevtlog|d8125e0c86684fca\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-winevtlog.exe 13241300x800000000000000017213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\BinProductVersion2048.512.24125.32311 13241300x800000000000000017212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\LinkDate02/07/2020 15:19:10 13241300x800000000000000017211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\Publishersplunk inc. 13241300x800000000000000017210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-regmon.exe 13241300x800000000000000017209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\BinProductVersion(Empty) 13241300x800000000000000017208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\LinkDate02/07/2020 15:18:45 13241300x800000000000000017207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\Publisher(Empty) 13241300x800000000000000017206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-powershell.exe 13241300x800000000000000017205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\BinProductVersion2048.512.24125.32311 13241300x800000000000000017204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\LinkDate02/07/2020 15:18:45 13241300x800000000000000017203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\Publishersplunk inc. 13241300x800000000000000017202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-perfmon.exe 13241300x800000000000000017201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\BinProductVersion2048.512.24125.32311 13241300x800000000000000017200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\LinkDate02/07/2020 15:18:57 13241300x800000000000000017199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\Publishersplunk inc. 13241300x800000000000000017198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-netmon.exe 13241300x800000000000000017197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\BinProductVersion10.0.10011.16384 13241300x800000000000000017196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\LinkDate02/07/2020 15:18:52 13241300x800000000000000017195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\Publisherwindows (r) win 7 ddk provider 13241300x800000000000000017194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-monitornohandle.exe 13241300x800000000000000017193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\BinProductVersion2048.512.24125.32311 13241300x800000000000000017192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\LinkDate02/07/2020 15:13:21 13241300x800000000000000017191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\Publishersplunk inc. 13241300x800000000000000017190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-compresstool.exe 13241300x800000000000000017189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\BinProductVersion2048.512.24125.32311 13241300x800000000000000017188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\LinkDate02/07/2020 15:19:19 13241300x800000000000000017187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\Publishersplunk inc. 13241300x800000000000000017186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-admon.exe 13241300x800000000000000017185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\BinProductVersion10.0.10011.16384 13241300x800000000000000017184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LinkDate09/27/2019 18:25:44 13241300x800000000000000017183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\Publisherwindows (r) win 7 ddk provider 13241300x800000000000000017182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splknetdrv.sys 13241300x800000000000000017181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\BinProductVersion(Empty) 13241300x800000000000000017180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\LinkDate01/10/2020 00:48:57 13241300x800000000000000017179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\Publisher(Empty) 13241300x800000000000000017178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\openssl.exe 13241300x800000000000000017177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\BinProductVersion2048.512.24125.32311 13241300x800000000000000017176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\LinkDate02/07/2020 15:13:14 13241300x800000000000000017175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\Publishersplunk inc. 13241300x800000000000000017174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\classify.exe 13241300x800000000000000017173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\BinProductVersion2048.512.24125.32311 13241300x800000000000000017172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\LinkDate02/07/2020 15:12:56 13241300x800000000000000017171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\Publishersplunk inc. 13241300x800000000000000017170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\btprobe.exe 13241300x800000000000000017169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\BinProductVersion2048.512.24125.32311 13241300x800000000000000017168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\LinkDate02/07/2020 15:12:56 13241300x800000000000000017167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\Publishersplunk inc. 13241300x800000000000000017166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\btool.exe 13241300x800000000000000017165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.853{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\00006e465eb93b9ef9ed1111015f594f733000000904\PublisherSplunk, Inc. 10341000x800000000000000017164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.823{2CC55DE6-704A-5FB6-0000-0010214F2600}70964448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000017163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.775{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\0000f6abc041d85c3409b14c747273beb37600000904\PublisherAmazon Web Services 13241300x800000000000000017162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\BinProductVersion8.2.9.8 13241300x800000000000000017161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\LinkDate07/08/2020 18:42:42 13241300x800000000000000017160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\Publisheramazon inc. 13241300x800000000000000017159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvif\xenvif.sys 13241300x800000000000000017158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\BinProductVersion8.3.2.2 13241300x800000000000000017157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\LinkDate12/13/2019 22:37:48 13241300x800000000000000017156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\Publisheramazon inc. 13241300x800000000000000017155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\xenvbd.sys 13241300x800000000000000017154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\BinProductVersion8.2.5.32 13241300x800000000000000017153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\LinkDate11/19/2018 22:01:56 13241300x800000000000000017152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\Publisheramazon inc. 13241300x800000000000000017151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xennet\xennet.sys 13241300x800000000000000017150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\BinProductVersion8.2.7.5 13241300x800000000000000017149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\LinkDate12/16/2019 19:58:01 13241300x800000000000000017148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\Publisheramazon inc. 13241300x800000000000000017147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\xeniface.sys 13241300x800000000000000017146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\BinProductVersion8.2.8.4 13241300x800000000000000017145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\LinkDate07/08/2020 00:16:24 13241300x800000000000000017144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\Publisheramazon inc. 13241300x800000000000000017143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xenfilt.sys 13241300x800000000000000017142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xendisk.sys|eea975986c3a667d\BinProductVersion8.3.2.2 13241300x800000000000000017141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xendisk.sys|eea975986c3a667d\LinkDate12/13/2019 22:37:53 13241300x800000000000000017140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xendisk.sys|eea975986c3a667d\Publisheramazon inc. 13241300x800000000000000017139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xendisk.sys|eea975986c3a667d\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\xendisk.sys 13241300x800000000000000017138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\BinProductVersion8.3.2.2 13241300x800000000000000017137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\LinkDate12/13/2019 22:37:36 13241300x800000000000000017136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\Publisheramazon inc. 13241300x800000000000000017135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\xencrsh.sys 13241300x800000000000000017134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\BinProductVersion8.2.8.4 13241300x800000000000000017133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\LinkDate07/08/2020 00:16:19 13241300x800000000000000017132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\Publisheramazon inc. 13241300x800000000000000017131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xenbus.sys 13241300x800000000000000017130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\BinProductVersion8.2.8.4 13241300x800000000000000017129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\LinkDate07/08/2020 00:16:07 13241300x800000000000000017128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\Publisheramazon inc. 13241300x800000000000000017127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xen.sys 13241300x800000000000000017126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\BinProductVersion8.2.7.5 13241300x800000000000000017125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\LinkDate12/16/2019 19:58:07 13241300x800000000000000017124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\Publisheramazon inc. 13241300x800000000000000017123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\liteagent.exe 13241300x800000000000000017122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\BinProductVersion2.1.0.0 13241300x800000000000000017121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\LinkDate05/23/2009 10:37:17 13241300x800000000000000017120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\Publishermicrosoft corporation 13241300x800000000000000017119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvif\dpinst.exe 13241300x800000000000000017118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\BinProductVersion2.1.0.0 13241300x800000000000000017117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\LinkDate05/23/2009 10:37:17 13241300x800000000000000017116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\Publishermicrosoft corporation 13241300x800000000000000017115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xennet\dpinst.exe 13241300x800000000000000017114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\BinProductVersion2.1.0.0 13241300x800000000000000017113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\LinkDate05/23/2009 10:37:17 13241300x800000000000000017112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\Publishermicrosoft corporation 13241300x800000000000000017111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\dpinst.exe 13241300x800000000000000017110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\BinProductVersion2.1.0.0 13241300x800000000000000017109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\LinkDate05/23/2009 10:37:17 13241300x800000000000000017108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\Publishermicrosoft corporation 13241300x800000000000000017107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\dpinst.exe 13241300x800000000000000017106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\BinProductVersion2.1.0.0 13241300x800000000000000017105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\LinkDate05/23/2009 10:37:17 13241300x800000000000000017104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\Publishermicrosoft corporation 13241300x800000000000000017103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\dpinst.exe 13241300x800000000000000017102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.682{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\0000dfc68d03fd9d72b99cd4a528c1df5d2500000904\PublisherAmazon Web Services 10341000x800000000000000017101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.666{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-704A-5FB6-0000-0010214F2600}7096C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.666{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.666{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.666{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.666{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.666{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-704A-5FB6-0000-0010214F2600}7096C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.666{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-704A-5FB6-0000-0010214F2600}7096C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:58.667{2CC55DE6-704A-5FB6-0000-0010214F2600}7096C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000017093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.291{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\000071298fcd2fb3ea32e4358c753430dd7e00000904\PublisherAmazon Web Services 13241300x800000000000000017092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\BinProductVersion1.0.0.0 13241300x800000000000000017091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\LinkDate12/11/2016 21:50:55 13241300x800000000000000017090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\Publishermozilla corporation 13241300x800000000000000017089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\LowerCaseLongPathc:\program files (x86)\mozilla maintenance service\uninstall.exe 13241300x800000000000000017088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\BinProductVersion83.0.0.7621 13241300x800000000000000017087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\LinkDate11/12/2020 16:48:58 13241300x800000000000000017086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\Publishermozilla foundation 13241300x800000000000000017085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\LowerCaseLongPathc:\program files (x86)\mozilla maintenance service\maintenanceservice.exe 13241300x800000000000000017084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\0000b0c9509c5aec6198f635b60d85ab07a30000ffff\PublisherMozilla 13241300x800000000000000017083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\BinProductVersion83.0.0.7621 13241300x800000000000000017082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LinkDate11/12/2020 16:48:24 13241300x800000000000000017081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\Publishermozilla foundation 13241300x800000000000000017080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LowerCaseLongPathc:\program files\mozilla firefox\updater.exe 13241300x800000000000000017079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\plugin-hang-ui.e|29c2c5a171ba01f1\BinProductVersion83.0.0.0 13241300x800000000000000017078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\plugin-hang-ui.e|29c2c5a171ba01f1\LinkDate11/12/2020 16:48:16 13241300x800000000000000017077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\plugin-hang-ui.e|29c2c5a171ba01f1\Publishermozilla corporation 13241300x800000000000000017076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\plugin-hang-ui.e|29c2c5a171ba01f1\LowerCaseLongPathc:\program files\mozilla firefox\plugin-hang-ui.exe 13241300x800000000000000017075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\BinProductVersion83.0.0.0 13241300x800000000000000017074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LinkDate11/12/2020 17:04:22 13241300x800000000000000017073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\Publishermozilla corporation 13241300x800000000000000017072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LowerCaseLongPathc:\program files\mozilla firefox\plugin-container.exe 13241300x800000000000000017071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\BinProductVersion83.0.0.7621 13241300x800000000000000017070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LinkDate11/12/2020 16:49:01 13241300x800000000000000017069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\Publishermozilla foundation 13241300x800000000000000017068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LowerCaseLongPathc:\program files\mozilla firefox\pingsender.exe 13241300x800000000000000017067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\BinProductVersion83.0.0.7621 13241300x800000000000000017066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LinkDate11/12/2020 16:49:02 13241300x800000000000000017065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\Publishermozilla foundation 13241300x800000000000000017064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LowerCaseLongPathc:\program files\mozilla firefox\minidump-analyzer.exe 13241300x800000000000000017063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\BinProductVersion1.0.0.0 13241300x800000000000000017062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LinkDate12/11/2016 21:50:55 13241300x800000000000000017061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\Publishermozilla corporation 13241300x800000000000000017060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LowerCaseLongPathc:\program files\mozilla firefox\maintenanceservice_installer.exe 13241300x800000000000000017059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\BinProductVersion83.0.0.7621 13241300x800000000000000017058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LinkDate11/12/2020 16:48:58 13241300x800000000000000017057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\Publishermozilla foundation 13241300x800000000000000017056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LowerCaseLongPathc:\program files\mozilla firefox\maintenanceservice.exe 13241300x800000000000000017055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\BinProductVersion1.0.0.0 13241300x800000000000000017054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\LinkDate12/11/2016 21:50:55 13241300x800000000000000017053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\Publishermozilla corporation 13241300x800000000000000017052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\LowerCaseLongPathc:\program files\mozilla firefox\uninstall\helper.exe 13241300x800000000000000017051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\BinProductVersion83.0.0.0 13241300x800000000000000017050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LinkDate11/12/2020 16:48:51 13241300x800000000000000017049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\Publishermozilla corporation 13241300x800000000000000017048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LowerCaseLongPathc:\program files\mozilla firefox\firefox.exe 13241300x800000000000000017047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\BinProductVersion83.0.0.7621 13241300x800000000000000017046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LinkDate11/12/2020 16:51:03 13241300x800000000000000017045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\Publishermozilla foundation 13241300x800000000000000017044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LowerCaseLongPathc:\program files\mozilla firefox\default-browser-agent.exe 13241300x800000000000000017043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\BinProductVersion83.0.0.7621 13241300x800000000000000017042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LinkDate11/12/2020 16:49:56 13241300x800000000000000017041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\Publishermozilla foundation 13241300x800000000000000017040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LowerCaseLongPathc:\program files\mozilla firefox\crashreporter.exe 13241300x800000000000000017039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:58.166{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\0000d807a189fbfc08b55fb000b50b4c16640000ffff\PublisherMozilla 13241300x800000000000000017263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:16:59.947{2CC55DE6-7049-5FB6-0000-00105B252600}6576C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{78999385-27e2-0c30-f88b-321659d47030}\Root\InventoryApplication\00007301d1582b4c719347231f6fe0233e5000000904\PublisherAmazon Web Services Developer Relations 10341000x800000000000000017262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:59.353{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-704B-5FB6-0000-0010296A2600}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:59.353{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:59.353{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:59.353{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:59.353{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:59.353{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-704B-5FB6-0000-0010296A2600}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:59.353{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-704B-5FB6-0000-0010296A2600}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:16:59.354{2CC55DE6-704B-5FB6-0000-0010296A2600}6680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.682{2CC55DE6-704C-5FB6-0000-00108F882600}52205664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.529{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-704C-5FB6-0000-00108F882600}5220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.528{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.528{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.527{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.527{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.527{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-704C-5FB6-0000-00108F882600}5220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.527{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-704C-5FB6-0000-00108F882600}5220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:00.526{2CC55DE6-704C-5FB6-0000-00108F882600}5220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.978{2CC55DE6-704D-5FB6-0000-001079912600}61727024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.826{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-704D-5FB6-0000-001079912600}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.825{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.825{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.825{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.825{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.825{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-704D-5FB6-0000-001079912600}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.824{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-704D-5FB6-0000-001079912600}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.824{2CC55DE6-704D-5FB6-0000-001079912600}6172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.353{2CC55DE6-704D-5FB6-0000-0010A58F2600}50286988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.197{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-704D-5FB6-0000-0010A58F2600}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.197{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.197{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.197{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.197{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.197{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-704D-5FB6-0000-0010A58F2600}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.197{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-704D-5FB6-0000-0010A58F2600}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:01.198{2CC55DE6-704D-5FB6-0000-0010A58F2600}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:02.978{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-704E-5FB6-0000-001099932600}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:02.978{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:02.978{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:02.978{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:02.978{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:02.978{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-704E-5FB6-0000-001099932600}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:02.978{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-704E-5FB6-0000-001099932600}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:02.980{2CC55DE6-704E-5FB6-0000-001099932600}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:05.429{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:05.429{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:05.355{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:05.355{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 22542200x800000000000000017305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:05.021{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.google.com02a00:1450:4001:809::2004;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:05.019{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.google.com0172.217.22.4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:05.018{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.google.com0::ffff:172.217.22.4;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.853{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1 10341000x800000000000000017308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.853{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48 10341000x800000000000000017307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.853{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.853{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.556{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+2b18c5d|C:\Program Files\Mozilla Firefox\xul.dll+a8ead5|C:\Program Files\Mozilla Firefox\xul.dll+a8ed66|C:\Program Files\Mozilla Firefox\xul.dll+a8c4ae|C:\Program Files\Mozilla Firefox\xul.dll+a8c6e0|C:\Program Files\Mozilla Firefox\xul.dll+292393f|C:\Program Files\Mozilla Firefox\xul.dll+2923728|C:\Program Files\Mozilla Firefox\xul.dll+292749e|C:\Program Files\Mozilla Firefox\xul.dll+292c863|C:\Program Files\Mozilla Firefox\xul.dll+2920823|C:\Program Files\Mozilla Firefox\xul.dll+292f5d3|C:\Program Files\Mozilla Firefox\xul.dll+2936faa|C:\Program Files\Mozilla Firefox\xul.dll+e4e349|C:\Program Files\Mozilla Firefox\xul.dll+da6331|C:\Program Files\Mozilla Firefox\xul.dll+34867d|C:\Program Files\Mozilla Firefox\xul.dll+e58d87|C:\Program Files\Mozilla Firefox\xul.dll+dca3d0 10341000x800000000000000017354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.556{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+2b18c5d|C:\Program Files\Mozilla Firefox\xul.dll+a8ead5|C:\Program Files\Mozilla Firefox\xul.dll+a8ed66|C:\Program Files\Mozilla Firefox\xul.dll+a8c4ae|C:\Program Files\Mozilla Firefox\xul.dll+a8c6e0|C:\Program Files\Mozilla Firefox\xul.dll+292393f|C:\Program Files\Mozilla Firefox\xul.dll+2923728|C:\Program Files\Mozilla Firefox\xul.dll+292749e|C:\Program Files\Mozilla Firefox\xul.dll+292c863|C:\Program Files\Mozilla Firefox\xul.dll+2920823|C:\Program Files\Mozilla Firefox\xul.dll+292f5d3|C:\Program Files\Mozilla Firefox\xul.dll+2936faa|C:\Program Files\Mozilla Firefox\xul.dll+e4e349|C:\Program Files\Mozilla Firefox\xul.dll+da6331|C:\Program Files\Mozilla Firefox\xul.dll+34867d|C:\Program Files\Mozilla Firefox\xul.dll+e58d87|C:\Program Files\Mozilla Firefox\xul.dll+dca3d0 10341000x800000000000000017353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.556{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+2b18c5d|C:\Program Files\Mozilla Firefox\xul.dll+a8ead5|C:\Program Files\Mozilla Firefox\xul.dll+a8ed66|C:\Program Files\Mozilla Firefox\xul.dll+a8c4ae|C:\Program Files\Mozilla Firefox\xul.dll+a8c6e0|C:\Program Files\Mozilla Firefox\xul.dll+292393f|C:\Program Files\Mozilla Firefox\xul.dll+2923728|C:\Program Files\Mozilla Firefox\xul.dll+292749e|C:\Program Files\Mozilla Firefox\xul.dll+292c863|C:\Program Files\Mozilla Firefox\xul.dll+2920823|C:\Program Files\Mozilla Firefox\xul.dll+292f5d3|C:\Program Files\Mozilla Firefox\xul.dll+2936faa|C:\Program Files\Mozilla Firefox\xul.dll+e4e349|C:\Program Files\Mozilla Firefox\xul.dll+da6331|C:\Program Files\Mozilla Firefox\xul.dll+34867d|C:\Program Files\Mozilla Firefox\xul.dll+e58d87|C:\Program Files\Mozilla Firefox\xul.dll+dca3d0 10341000x800000000000000017352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.556{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+2b18c5d|C:\Program Files\Mozilla Firefox\xul.dll+a8ead5|C:\Program Files\Mozilla Firefox\xul.dll+a8ed66|C:\Program Files\Mozilla Firefox\xul.dll+a8c4ae|C:\Program Files\Mozilla Firefox\xul.dll+a8c6e0|C:\Program Files\Mozilla Firefox\xul.dll+292393f|C:\Program Files\Mozilla Firefox\xul.dll+2923728|C:\Program Files\Mozilla Firefox\xul.dll+292749e|C:\Program Files\Mozilla Firefox\xul.dll+292c863|C:\Program Files\Mozilla Firefox\xul.dll+2920823|C:\Program Files\Mozilla Firefox\xul.dll+292f5d3|C:\Program Files\Mozilla Firefox\xul.dll+2936faa|C:\Program Files\Mozilla Firefox\xul.dll+e4e349|C:\Program Files\Mozilla Firefox\xul.dll+da6331|C:\Program Files\Mozilla Firefox\xul.dll+34867d|C:\Program Files\Mozilla Firefox\xul.dll+e58d87|C:\Program Files\Mozilla Firefox\xul.dll+dca3d0 10341000x800000000000000017351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.306{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.275{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.259{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.259{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.259{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.259{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.092{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1 10341000x800000000000000017315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.092{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48 10341000x800000000000000017314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.092{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.092{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.092{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.089{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.072{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b126f4|C:\Program Files\Mozilla Firefox\xul.dll+3a5695e|C:\Program Files\Mozilla Firefox\xul.dll+e4c94c|C:\Program Files\Mozilla Firefox\xul.dll+e4fdc6|C:\Program Files\Mozilla Firefox\xul.dll+da6331|C:\Program Files\Mozilla Firefox\xul.dll+34867d|C:\Program Files\Mozilla Firefox\xul.dll+e58d87|C:\Program Files\Mozilla Firefox\xul.dll+dca3d0|C:\Program Files\Mozilla Firefox\xul.dll+dcfb83|C:\Program Files\Mozilla Firefox\xul.dll+dcdbcc|C:\Program Files\Mozilla Firefox\xul.dll+dcd1a8|C:\Program Files\Mozilla Firefox\xul.dll+dcc1fc|C:\Program Files\Mozilla Firefox\xul.dll+de0131|C:\Program Files\Mozilla Firefox\xul.dll+adfa22|C:\Program Files\Mozilla Firefox\xul.dll+9ee717|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26 22542200x800000000000000017370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.114{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900plus.l.google.com0216.58.206.14;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.114{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900apis.google.com0type: 5 plus.l.google.com;::ffff:216.58.206.14;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.873{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.google.de02a00:1450:4001:803::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.871{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.google.de0216.58.212.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.870{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.google.de0::ffff:216.58.212.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.675{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.google.com02a00:1450:4001:824::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.674{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.google.com0172.217.18.110;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.673{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.google.com0::ffff:172.217.18.110;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.577{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com034.211.246.164;44.230.27.229;44.231.216.202;44.238.207.5;52.10.162.146;52.34.254.140;52.89.14.226;54.148.237.155;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.315{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.google.de02a00:1450:4001:818::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.313{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.google.de0172.217.22.3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:23.312{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www.google.de0::ffff:172.217.22.3;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:25.385{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:25.337{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:25.292{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.365{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www3.l.google.com02a00:1450:4001:81d::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.364{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900www3.l.google.com0172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.363{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900adservice.google.de0type: 5 pagead46.l.doubleclick.net;::ffff:142.250.74.194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.363{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900ogs.google.de0type: 5 www3.l.google.com;::ffff:172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.176{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900gstaticadssl.l.google.com02a00:1450:4001:818::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.174{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900gstaticadssl.l.google.com0172.217.18.3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:24.116{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900plus.l.google.com02a00:1450:4001:803::200e;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:26.806{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:26.712{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:26.416{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:26.416{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 22542200x800000000000000017384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:25.931{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.youtube.com02a00:1450:4001:81f::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:25.918{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.youtube.com0216.58.212.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:25.917{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900consent.youtube.com0::ffff:216.58.212.174;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.683{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.292{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.292{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.244{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.244{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.212{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.212{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.150{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.150{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.119{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.119{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.056{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.056{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:29.009{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:44.368{2CC55DE6-6AC1-5FB6-0000-001036540000}860908C:\Windows\system32\lsass.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000017402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:44.275{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:44.275{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:44.275{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:47.564{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900a19.dscg10.akamai.net02a02:26f0:10::5c7a:d691;2a02:26f0:10::5c7a:d693;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:47.561{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900a19.dscg10.akamai.net023.55.161.185;23.55.161.211;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:47.560{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900ciscobinary.openh264.org0type: 5 a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com;type: 5 a17.rackcdn.com;type: 5 a17.rackcdn.com.mdc.edgesuite.net;type: 5 a19.dscg10.akamai.net;::ffff:23.55.161.211;::ffff:23.55.161.185;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:47.492{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900prod.balrog.prod.cloudops.mozgcp.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:47.490{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900prod.balrog.prod.cloudops.mozgcp.net035.244.181.201;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:51.285{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:51.224{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:48.425{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d2nxq2uap88usk.cloudfront.net02600:9000:214f:9600:a:da5e:7900:93a1;2600:9000:214f:a400:a:da5e:7900:93a1;2600:9000:214f:b000:a:da5e:7900:93a1;2600:9000:214f:e400:a:da5e:7900:93a1;2600:9000:214f:1200:a:da5e:7900:93a1;2600:9000:214f:3800:a:da5e:7900:93a1;2600:9000:214f:5400:a:da5e:7900:93a1;2600:9000:214f:5800:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:52.183{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:52.183{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:54.569{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:54.569{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:54.344{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:54.344{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:56.868{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1 10341000x800000000000000017420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:56.868{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48 10341000x800000000000000017419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:56.868{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:56.868{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.899{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7085-5FB6-0000-0010D2D82600}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.899{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-7085-5FB6-0000-0010D2D82600}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.899{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7085-5FB6-0000-0010D2D82600}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.900{2CC55DE6-7085-5FB6-0000-0010D2D82600}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.665{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.665{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.665{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.618{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.618{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.618{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.165{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.118{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.841{2CC55DE6-7086-5FB6-0000-00101ADD2600}41965184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.681{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7086-5FB6-0000-00101ADD2600}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.681{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-7086-5FB6-0000-00101ADD2600}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.681{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7086-5FB6-0000-00101ADD2600}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:58.682{2CC55DE6-7086-5FB6-0000-00101ADD2600}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000017461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:57.456{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900ogs.google.com0type: 5 www3.l.google.com;::ffff:172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.759{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1 10341000x800000000000000017459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.759{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48 10341000x800000000000000017458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.759{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.759{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.665{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000017455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.665{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 10341000x800000000000000017454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.368{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7087-5FB6-0000-00109FDF2600}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.368{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-7087-5FB6-0000-00109FDF2600}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.368{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7087-5FB6-0000-00109FDF2600}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.369{2CC55DE6-7087-5FB6-0000-00109FDF2600}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000017486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.193{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900zoom.us0::ffff:52.202.62.196;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.696{2CC55DE6-7088-5FB6-0000-0010A3E62600}64726488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.696{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.665{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.618{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.571{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7088-5FB6-0000-0010A3E62600}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-7088-5FB6-0000-0010A3E62600}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.541{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7088-5FB6-0000-0010A3E62600}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.542{2CC55DE6-7088-5FB6-0000-0010A3E62600}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.524{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.524{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.524{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.962{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1 10341000x800000000000000017516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.962{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad2b3|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad42c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48 10341000x800000000000000017515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.962{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000017514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.962{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 22542200x800000000000000017513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.998{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900rollout.ada.support0::ffff:143.204.201.31;::ffff:143.204.201.15;::ffff:143.204.201.29;::ffff:143.204.201.30;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.628{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900static.ada.support9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.624{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900static.ada.support0143.204.201.16;143.204.201.84;143.204.201.95;143.204.201.115;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.623{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900static.ada.support0::ffff:143.204.201.115;::ffff:143.204.201.16;::ffff:143.204.201.84;::ffff:143.204.201.95;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.572{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d24cgw3uvb9a9h.cloudfront.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.570{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d24cgw3uvb9a9h.cloudfront.net013.35.253.153;13.35.253.163;13.35.253.6;13.35.253.14;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.569{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d24cgw3uvb9a9h.cloudfront.net0::ffff:13.35.253.14;::ffff:13.35.253.153;::ffff:13.35.253.163;::ffff:13.35.253.6;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.195{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900zoom.us9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.194{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900zoom.us052.202.62.196;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.884{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7089-5FB6-0000-0010CAEB2600}1416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.884{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.884{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.884{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.884{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.884{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-7089-5FB6-0000-0010CAEB2600}1416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.884{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7089-5FB6-0000-0010CAEB2600}1416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.884{2CC55DE6-7089-5FB6-0000-0010CAEB2600}1416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.368{2CC55DE6-7089-5FB6-0000-0010D0E82600}59764348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.212{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7089-5FB6-0000-0010D0E82600}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.212{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.212{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.212{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.212{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.212{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-7089-5FB6-0000-0010D0E82600}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.212{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7089-5FB6-0000-0010D0E82600}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.213{2CC55DE6-7089-5FB6-0000-0010D0E82600}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.118{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.993{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-708A-5FB6-0000-00109BFB2600}6152C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.993{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.993{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.993{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.993{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.993{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-708A-5FB6-0000-00109BFB2600}6152C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.993{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-708A-5FB6-0000-00109BFB2600}6152C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.994{2CC55DE6-708A-5FB6-0000-00109BFB2600}6152C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000017534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.091{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900zoom.ada.support9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.089{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900zoom.ada.support0143.204.201.80;143.204.201.108;143.204.201.16;143.204.201.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.088{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900zoom.ada.support0::ffff:143.204.201.66;::ffff:143.204.201.80;::ffff:143.204.201.108;::ffff:143.204.201.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:00.004{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900rollout.ada.support9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:17:59.999{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900rollout.ada.support0143.204.201.15;143.204.201.29;143.204.201.30;143.204.201.31;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000017528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 10341000x800000000000000017527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.165{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.165{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 10341000x800000000000000017525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.141{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.118{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea48|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+127cb97|C:\Program Files\Mozilla Firefox\xul.dll+343511|C:\Program Files\Mozilla Firefox\xul.dll+ae1090|C:\Program Files\Mozilla Firefox\xul.dll+ae1d66|C:\Program Files\Mozilla Firefox\xul.dll+39ee50|C:\Program Files\Mozilla Firefox\xul.dll+3d7041|C:\Program Files\Mozilla Firefox\xul.dll+2f24c1d|C:\Program Files\Mozilla Firefox\xul.dll+3bab3|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26 10341000x800000000000000017523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.118{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea21|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+127cb97|C:\Program Files\Mozilla Firefox\xul.dll+343511|C:\Program Files\Mozilla Firefox\xul.dll+ae1090|C:\Program Files\Mozilla Firefox\xul.dll+ae1d66|C:\Program Files\Mozilla Firefox\xul.dll+39ee50|C:\Program Files\Mozilla Firefox\xul.dll+3d7041|C:\Program Files\Mozilla Firefox\xul.dll+2f24c1d|C:\Program Files\Mozilla Firefox\xul.dll+3bab3|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26 10341000x800000000000000017522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.118{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dce9f6|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+127cb97|C:\Program Files\Mozilla Firefox\xul.dll+343511|C:\Program Files\Mozilla Firefox\xul.dll+ae1090|C:\Program Files\Mozilla Firefox\xul.dll+ae1d66|C:\Program Files\Mozilla Firefox\xul.dll+39ee50|C:\Program Files\Mozilla Firefox\xul.dll+3d7041|C:\Program Files\Mozilla Firefox\xul.dll+2f24c1d|C:\Program Files\Mozilla Firefox\xul.dll+3bab3|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26 11241100x800000000000000017521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:02.071{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\gMfQufvU.exe2020-11-19 13:18:02.071 10341000x800000000000000017520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.041{2CC55DE6-7089-5FB6-0000-0010CAEB2600}14165400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.041{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a|C:\Program Files\Mozilla Firefox\xul.dll+2f5bcff 10341000x800000000000000017518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:02.041{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250 22542200x800000000000000017545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.554{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d11yldzmag5yn.cloudfront.net9501C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.548{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d11yldzmag5yn.cloudfront.net0143.204.201.97;143.204.201.40;143.204.201.87;143.204.201.95;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:01.547{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d11yldzmag5yn.cloudfront.net0::ffff:143.204.201.95;::ffff:143.204.201.97;::ffff:143.204.201.40;::ffff:143.204.201.87;C:\Program Files\Mozilla Firefox\firefox.exe 15241500x800000000000000017558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.587{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\ZoomInstaller.exe:Zone.Identifier2020-11-19 13:18:02.071MD5=5D064EC05A72A5BDD5D8F3ABA3CBC956,SHA256=3B72B4894314676C789988076D5C8A884D88A30A09FE90A40430E192BE03BB34,IMPHASH=00000000000000000000000000000000 11241100x800000000000000017557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDownloads2020-11-19 13:18:05.587{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\ZoomInstaller.exe:Zone.Identifier2020-11-19 13:18:02.071 15241500x800000000000000017556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\ZoomInstaller.exe2020-11-19 13:18:02.071MD5=6CE40D2DBE808ECEE4C8D9067520A982,SHA256=F2F4ACDA6482F58B83F27C8696CE13DFE7FE7D47FBEE0239AA1CC754230272A7,IMPHASH=3172002EA699E1D21A7E82DF185D7D7B 10341000x800000000000000017555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.493{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159f58d|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15931aa|C:\Program Files\Mozilla Firefox\xul.dll+2f37f5|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2d57d37|C:\Program Files\Mozilla Firefox\xul.dll+2d57c59|C:\Program Files\Mozilla Firefox\xul.dll+2e3ba22|C:\Program Files\Mozilla Firefox\xul.dll+2e38b85|C:\Program Files\Mozilla Firefox\xul.dll+2e36d24|C:\Program Files\Mozilla Firefox\xul.dll+2e2da24|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53 10341000x800000000000000017554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.493{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159f58d|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15931aa|C:\Program Files\Mozilla Firefox\xul.dll+2f37f5|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2d57d37 10341000x800000000000000017553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.493{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006212C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dfa84c|C:\Program Files\Mozilla Firefox\xul.dll+2611b70|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.493{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+159f52e|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000017551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.493{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+159f52e|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 10341000x800000000000000017550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea48|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+318d46f|C:\Program Files\Mozilla Firefox\xul.dll+318da3c|C:\Program Files\Mozilla Firefox\xul.dll+2c18f26|C:\Program Files\Mozilla Firefox\xul.dll+1f651f2|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e39254 10341000x800000000000000017549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dcea21|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+318d46f|C:\Program Files\Mozilla Firefox\xul.dll+318da3c|C:\Program Files\Mozilla Firefox\xul.dll+2c18f26|C:\Program Files\Mozilla Firefox\xul.dll+1f651f2|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e39254 10341000x800000000000000017548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+2dce9f6|C:\Program Files\Mozilla Firefox\xul.dll+16a770e|C:\Program Files\Mozilla Firefox\xul.dll+2d63f56|C:\Program Files\Mozilla Firefox\xul.dll+2d62b6a|C:\Program Files\Mozilla Firefox\xul.dll+2e33d97|C:\Program Files\Mozilla Firefox\xul.dll+42cbc1|C:\Program Files\Mozilla Firefox\xul.dll+14704b6|C:\Program Files\Mozilla Firefox\xul.dll+2f895cf|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f89748|C:\Program Files\Mozilla Firefox\xul.dll+2f8b2cf|C:\Program Files\Mozilla Firefox\xul.dll+2c9ba8|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+318d46f|C:\Program Files\Mozilla Firefox\xul.dll+318da3c|C:\Program Files\Mozilla Firefox\xul.dll+2c18f26|C:\Program Files\Mozilla Firefox\xul.dll+1f651f2|C:\Program Files\Mozilla Firefox\xul.dll+233be8|C:\Program Files\Mozilla Firefox\xul.dll+106c65|C:\Program Files\Mozilla Firefox\xul.dll+3e39254 10341000x800000000000000017547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:05.399{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000017546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDownloads2020-11-19 13:18:05.384{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\ZoomInstaller.exe2020-11-19 13:18:05.384 10341000x800000000000000017600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.524{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900876C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+efd77e|C:\Program Files\Mozilla Firefox\xul.dll+10115f4|C:\Program Files\Mozilla Firefox\xul.dll+1150af1|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+3b4cc|C:\Program Files\Mozilla Firefox\xul.dll+39ea2|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.524{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.524{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.509{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.509{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.509{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.477{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f839e8|C:\Program Files\Mozilla Firefox\xul.dll+fccfe0|C:\Program Files\Mozilla Firefox\xul.dll+2b232d4|C:\Program Files\Mozilla Firefox\xul.dll+fa7113|C:\Program Files\Mozilla Firefox\xul.dll+f0bc30|C:\Program Files\Mozilla Firefox\xul.dll+f0d1b3|C:\Program Files\Mozilla Firefox\xul.dll+a0de9e|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458 10341000x800000000000000017593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.462{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900828C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+36779|C:\Program Files\Mozilla Firefox\firefox.exe+36227|C:\Program Files\Mozilla Firefox\firefox.exe+4cdc0|C:\Program Files\Mozilla Firefox\firefox.exe+4cabc|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.462{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.462{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69003628C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3d620bb|C:\Program Files\Mozilla Firefox\xul.dll+3d6317d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff74e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8366|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff73e1|C:\Program Files\Mozilla Firefox\xul.dll+16a8198|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff72e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7fee|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1e4a9c|C:\Program Files\Mozilla Firefox\xul.dll+1e49ec|C:\Program Files\Mozilla Firefox\xul.dll+f79fb8|C:\Program Files\Mozilla Firefox\xul.dll+ff71e1|C:\Program Files\Mozilla Firefox\xul.dll+16a7e3f|C:\Program Files\Mozilla Firefox\xul.dll+2b15667|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b15555|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+fca80d|C:\Program Files\Mozilla Firefox\xul.dll+f9d13a|C:\Program Files\Mozilla Firefox\xul.dll+f9d024|C:\Program Files\Mozilla Firefox\xul.dll+a8ced7|C:\Program Files\Mozilla Firefox\xul.dll+2b15264|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f9d1d6|C:\Program Files\Mozilla Firefox\xul.dll+2b412a2|C:\Program Files\Mozilla Firefox\xul.dll+2b15221|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000017569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+2b15193|C:\Program Files\Mozilla Firefox\xul.dll+2b391d8|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.441{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69005048C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f041ea|C:\Program Files\Mozilla Firefox\xul.dll+95ef84|C:\Program Files\Mozilla Firefox\xul.dll+e47e|C:\Program Files\Mozilla Firefox\xul.dll+edc8a1|C:\Program Files\Mozilla Firefox\xul.dll+e1a5|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+edd581|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.439{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.439{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.438{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.438{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.438{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.438{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69004324C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+4f952|C:\Program Files\Mozilla Firefox\firefox.exe+2cb03|C:\Program Files\Mozilla Firefox\xul.dll+9612bb|C:\Program Files\Mozilla Firefox\xul.dll+efb3ec|C:\Program Files\Mozilla Firefox\xul.dll+ef8bd2|C:\Program Files\Mozilla Firefox\xul.dll+f0549e|C:\Program Files\Mozilla Firefox\xul.dll+a15354|C:\Program Files\Mozilla Firefox\xul.dll+3b173|C:\Program Files\Mozilla Firefox\xul.dll+39f6d|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+a1c285|C:\Program Files\Mozilla Firefox\nss3.dll+12c0da|C:\Program Files\Mozilla Firefox\nss3.dll+11d1c1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.438{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe83.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6900.34.499957749\1375318512" -childID 5 -isForBrowser -prefsHandle 4240 -prefMapHandle 4668 -prefsLen 15678 -prefMapSize 228837 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6900 "\\.\pipe\gecko-crash-server-pipe.6900" 3888 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792LowMD5=EC6EFFE90D1EC308D9AFA9D10D45C994,SHA256=CAEA525D11F6DC78E33FAE7DF286CF05ED8FD890964ED9EBDFF6973BC35DF302,IMPHASH=A0E54F8DE4BDDF36D2C9289AE58AD3D8{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000017560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.437{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:06.415{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b3d649|C:\Program Files\Mozilla Firefox\xul.dll+2b3e04d|C:\Program Files\Mozilla Firefox\xul.dll+2b12944|C:\Program Files\Mozilla Firefox\xul.dll+2b14826|C:\Program Files\Mozilla Firefox\xul.dll+2b17bde|C:\Program Files\Mozilla Firefox\xul.dll+18f4241|C:\Program Files\Mozilla Firefox\xul.dll+18ed538|C:\Program Files\Mozilla Firefox\xul.dll+4cc260|C:\Program Files\Mozilla Firefox\xul.dll+4cbe73|C:\Program Files\Mozilla Firefox\xul.dll+30d7d35|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+2c9cb1|C:\Program Files\Mozilla Firefox\xul.dll+2cadb5|C:\Program Files\Mozilla Firefox\xul.dll+18f3a78|C:\Program Files\Mozilla Firefox\xul.dll+4c6230|C:\Program Files\Mozilla Firefox\xul.dll+2755d6|C:\Program Files\Mozilla Firefox\xul.dll+9b0181|C:\Program Files\Mozilla Firefox\xul.dll+27534f|C:\Program Files\Mozilla Firefox\xul.dll+274f63|C:\Program Files\Mozilla Firefox\xul.dll+4c27d8 10341000x800000000000000017601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:08.868{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:09.151{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f87cb7|C:\Program Files\Mozilla Firefox\xul.dll+f05ac3|C:\Program Files\Mozilla Firefox\xul.dll+efcdb8|C:\Program Files\Mozilla Firefox\xul.dll+319282|C:\Program Files\Mozilla Firefox\xul.dll+10642dc|C:\Program Files\Mozilla Firefox\xul.dll+e5f70f|C:\Program Files\Mozilla Firefox\xul.dll+abf136|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:11.806{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451ebe|C:\Program Files\Mozilla Firefox\xul.dll+f87cb7|C:\Program Files\Mozilla Firefox\xul.dll+f05ac3|C:\Program Files\Mozilla Firefox\xul.dll+efcdb8|C:\Program Files\Mozilla Firefox\xul.dll+319282|C:\Program Files\Mozilla Firefox\xul.dll+10642dc|C:\Program Files\Mozilla Firefox\xul.dll+e5f70f|C:\Program Files\Mozilla Firefox\xul.dll+abf136|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a13c03|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fbc0|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b 10341000x800000000000000017641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.977{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.977{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.977{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.977{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.977{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.977{2CC55DE6-7094-5FB6-0000-0010D2202700}57481632C:\Users\Administrator\Downloads\ZoomInstaller.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+159f0b(wow64)|C:\Windows\System32\KERNELBASE.dll+159bbc(wow64)|C:\Users\Administrator\Downloads\ZoomInstaller.exe+16899|C:\Users\Administrator\Downloads\ZoomInstaller.exe+1a71a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 154100x800000000000000017635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.978{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe5,4,58891,1115Zoom InstallerZoom InstallerZoom Video Communications, Inc.Zoom Installer.\Installer.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792MediumMD5=81F3FDB8463CD6589A119D30CE420A38,SHA256=DE47EF59CB33723AABE7463B59A27EB8B2A2F6163D815EF09F3977C30E09DABF,IMPHASH=691743EFD5C18602CE0BCE89564E206E{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe"C:\Users\Administrator\Downloads\ZoomInstaller.exe" 10341000x800000000000000017634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.977{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.951{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.951{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.951{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.930{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000017629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.930{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 11241100x800000000000000017628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:12.915{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe2020-11-19 13:18:12.915 10341000x800000000000000017627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925556C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925556C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925556C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925556C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.899{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.884{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041384C:\Windows\System32\svchost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.868{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.868{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.868{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.868{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.868{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.868{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69007104C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+13755f|C:\Windows\System32\windows.storage.dll+1371d5|C:\Windows\System32\windows.storage.dll+136cc6|C:\Windows\System32\windows.storage.dll+138138|C:\Windows\System32\windows.storage.dll+136aee|C:\Windows\System32\windows.storage.dll+10a3b5|C:\Windows\System32\windows.storage.dll+10a734|C:\Windows\System32\windows.storage.dll+109d70|C:\Windows\System32\windows.storage.dll+1241fa|C:\Windows\System32\windows.storage.dll+123f5a|C:\Windows\System32\SHELL32.dll+77991|C:\Windows\System32\SHELL32.dll+767f6|C:\Windows\System32\SHELL32.dll+110821|C:\Windows\System32\SHELL32.dll+7888e|C:\Windows\System32\SHELL32.dll+75683|C:\Windows\System32\SHELL32.dll+7554b|C:\Windows\System32\SHELL32.dll+74e67|C:\Windows\System32\SHELL32.dll+dc06e|C:\Windows\System32\shcore.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4 154100x800000000000000017606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.750{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe5,4,0,0Zoom Meetings InstallerZoom Meetings InstallerZoom Video Communications, Inc.Zoom Meetings Installer"C:\Users\Administrator\Downloads\ZoomInstaller.exe" C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792MediumMD5=6CE40D2DBE808ECEE4C8D9067520A982,SHA256=F2F4ACDA6482F58B83F27C8696CE13DFE7FE7D47FBEE0239AA1CC754230272A7,IMPHASH=3172002EA699E1D21A7E82DF185D7D7B{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000017605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.750{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:12.746{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.930{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.915{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.899{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.884{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.884{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.884{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.884{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.868{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.350{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.349{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.347{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.346{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.345{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.344{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.344{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.344{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.344{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.344{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.344{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.343{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.343{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.343{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.343{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.342{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000017657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.071{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000017656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.071{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 10341000x800000000000000017655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925556C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925556C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925556C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925556C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:13.009{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000017900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.993{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zData.dll2020-11-19 13:18:15.993 11241100x800000000000000017899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.971{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zCrashReport.exe2020-11-19 13:18:15.971 11241100x800000000000000017898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.971{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zCrashReport.dll2020-11-19 13:18:15.971 11241100x800000000000000017897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.967{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll2020-11-19 13:18:15.967 11241100x800000000000000017896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.930{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll2020-11-19 13:18:15.930 11241100x800000000000000017895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.915{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zAutoUpdate.dll2020-11-19 13:18:15.915 11241100x800000000000000017894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.899{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\viper.dll2020-11-19 13:18:15.899 11241100x800000000000000017893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.884{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\util.dll2020-11-19 13:18:15.884 11241100x800000000000000017892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.884{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\turbojpeg.dll2020-11-19 13:18:15.884 11241100x800000000000000017891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.871{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\tp.dll2020-11-19 13:18:15.871 11241100x800000000000000017890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.871{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\libssl-1_1.dll2020-11-19 13:18:15.871 11241100x800000000000000017889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.852{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\ssb_sdk.dll2020-11-19 13:18:15.852 11241100x800000000000000017888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.837{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\nydus.dll2020-11-19 13:18:15.837 11241100x800000000000000017887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.821{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\mcm.dll2020-11-19 13:18:15.821 11241100x800000000000000017886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.821{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\libcrypto-1_1.dll2020-11-19 13:18:15.821 11241100x800000000000000017885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.805{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Installer.exe2020-11-19 13:18:15.805 11241100x800000000000000017884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.790{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll2020-11-19 13:18:15.790 11241100x800000000000000017883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.790{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptHost.exe2020-11-19 13:18:15.790 11241100x800000000000000017882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.771{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Cmmlib.dll2020-11-19 13:18:15.771 11241100x800000000000000017881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.771{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CmmBrowserEngine.dll2020-11-19 13:18:15.771 11241100x800000000000000017880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.767{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msaalib.dll2020-11-19 13:18:15.767 534500x800000000000000017879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.466{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe 10341000x800000000000000017878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.446{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15641884C:\Windows\system32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.446{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15641884C:\Windows\system32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.446{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15646972C:\Windows\system32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.446{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15646972C:\Windows\system32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.446{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15646972C:\Windows\system32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.446{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}15646972C:\Windows\system32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.384{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b44437|C:\Program Files\Mozilla Firefox\xul.dll+a188c6|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+1455fff|C:\Program Files\Mozilla Firefox\xul.dll+1454020|C:\Program Files\Mozilla Firefox\xul.dll+159edef|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649|C:\Program Files\Mozilla Firefox\xul.dll+2d5a250|C:\Program Files\Mozilla Firefox\xul.dll+2d5904c|C:\Program Files\Mozilla Firefox\xul.dll+2f22f1|C:\Program Files\Mozilla Firefox\xul.dll+2f569c2|C:\Program Files\Mozilla Firefox\xul.dll+2f5b961|C:\Program Files\Mozilla Firefox\xul.dll+2f5b7b1|C:\Program Files\Mozilla Firefox\xul.dll+2f5b362|C:\Program Files\Mozilla Firefox\xul.dll+2f5ad3a 10341000x800000000000000017870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e3ac1|C:\Program Files\Mozilla Firefox\xul.dll+451aa1|C:\Program Files\Mozilla Firefox\xul.dll+496129|C:\Program Files\Mozilla Firefox\xul.dll+4960c9|C:\Program Files\Mozilla Firefox\xul.dll+f11946|C:\Program Files\Mozilla Firefox\xul.dll+495f74|C:\Program Files\Mozilla Firefox\xul.dll+1474831|C:\Program Files\Mozilla Firefox\xul.dll+14745f9|C:\Program Files\Mozilla Firefox\xul.dll+1454c74|C:\Program Files\Mozilla Firefox\xul.dll+14549e6|C:\Program Files\Mozilla Firefox\xul.dll+145486b|C:\Program Files\Mozilla Firefox\xul.dll+159edd0|C:\Program Files\Mozilla Firefox\xul.dll+159ed27|C:\Program Files\Mozilla Firefox\xul.dll+159bb9f|C:\Program Files\Mozilla Firefox\xul.dll+1593e07|C:\Program Files\Mozilla Firefox\xul.dll+15ad256|C:\Program Files\Mozilla Firefox\xul.dll+15ad30c|C:\Program Files\Mozilla Firefox\xul.dll+1592195|C:\Program Files\Mozilla Firefox\xul.dll+15926d3|C:\Program Files\Mozilla Firefox\xul.dll+488a48|C:\Program Files\Mozilla Firefox\xul.dll+467710|C:\Program Files\Mozilla Firefox\xul.dll+2f3649 10341000x800000000000000017869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.321{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.321{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.305{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.305{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.305{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.305{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.305{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.305{2CC55DE6-7094-5FB6-0000-001016282700}19326688C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\System32\windows.storage.dll+110806(wow64)|C:\Windows\System32\windows.storage.dll+110527(wow64)|C:\Windows\System32\windows.storage.dll+110178(wow64)|C:\Windows\System32\windows.storage.dll+1110c1(wow64)|C:\Windows\System32\windows.storage.dll+110001(wow64)|C:\Windows\System32\windows.storage.dll+1123e4(wow64)|C:\Windows\System32\windows.storage.dll+1126d2(wow64)|C:\Windows\System32\windows.storage.dll+1120a5(wow64)|C:\Windows\System32\SHELL32.dll+1381dc(wow64)|C:\Windows\System32\SHELL32.dll+1380b6(wow64)|C:\Windows\System32\SHELL32.dll+137eb1(wow64) 154100x800000000000000017854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.316{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe5,4,58891,1115Zoom InstallerZoom InstallerZoom Video Communications, Inc.Zoom Installer"C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe" /addfwexception --bin_home="C:\Users\Administrator\AppData\Roaming\Zoom\bin"C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792MediumMD5=81F3FDB8463CD6589A119D30CE420A38,SHA256=DE47EF59CB33723AABE7463B59A27EB8B2A2F6163D815EF09F3977C30E09DABF,IMPHASH=691743EFD5C18602CE0BCE89564E206E{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe.\Installer.exe 10341000x800000000000000017853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.305{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.290{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.290{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.290{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.270{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:15.270{2CC55DE6-6AC1-5FB6-0000-001036540000}860900C:\Windows\system32\lsass.exe{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000017847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.244{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll2020-11-19 13:18:15.244 11241100x800000000000000017846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.240{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll2020-11-19 13:18:15.240 11241100x800000000000000017845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.233{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll2020-11-19 13:18:15.233 11241100x800000000000000017844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.228{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll2020-11-19 13:18:15.228 11241100x800000000000000017843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.224{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll2020-11-19 13:18:15.224 11241100x800000000000000017842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.222{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe2020-11-19 13:18:15.222 11241100x800000000000000017841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.216{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe2020-11-19 13:18:15.216 11241100x800000000000000017840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.216{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zToastNotification.dll2020-11-19 13:18:15.216 11241100x800000000000000017839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.215{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll2020-11-19 13:18:15.215 11241100x800000000000000017838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.214{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe2020-11-19 13:18:15.214 11241100x800000000000000017837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.213{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe2020-11-19 13:18:15.212 11241100x800000000000000017836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.211{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe2020-11-19 13:18:15.211 11241100x800000000000000017835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.211{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe2020-11-19 13:18:15.211 11241100x800000000000000017834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.210{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zmb.dll2020-11-19 13:18:15.210 11241100x800000000000000017833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.208{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zlt.dll2020-11-19 13:18:15.207 11241100x800000000000000017832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.204{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll2020-11-19 13:18:15.204 11241100x800000000000000017831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.202{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zData.dll2020-11-19 13:18:15.202 11241100x800000000000000017830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.200{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.exe2020-11-19 13:18:15.199 11241100x800000000000000017829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.199{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.dll2020-11-19 13:18:15.199 11241100x800000000000000017828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.197{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll2020-11-19 13:18:15.197 11241100x800000000000000017827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.190{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll2020-11-19 13:18:15.190 11241100x800000000000000017826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.186{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll2020-11-19 13:18:15.186 11241100x800000000000000017825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.185{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll2020-11-19 13:18:15.185 11241100x800000000000000017824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.183{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\viper.dll2020-11-19 13:18:15.183 11241100x800000000000000017823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.181{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\util.dll2020-11-19 13:18:15.181 11241100x800000000000000017822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.181{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll2020-11-19 13:18:15.181 11241100x800000000000000017821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.180{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll2020-11-19 13:18:15.180 11241100x800000000000000017820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.179{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\tp.dll2020-11-19 13:18:15.179 11241100x800000000000000017819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.177{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll2020-11-19 13:18:15.177 11241100x800000000000000017818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.175{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\reslib.dll2020-11-19 13:18:15.175 11241100x800000000000000017817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.175{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\nydus.dll2020-11-19 13:18:15.174 11241100x800000000000000017816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.173{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll2020-11-19 13:18:15.173 11241100x800000000000000017815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.172{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\mcm.dll2020-11-19 13:18:15.172 11241100x800000000000000017814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.171{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\libssl-1_1.dll2020-11-19 13:18:15.171 11241100x800000000000000017813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.170{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll2020-11-19 13:18:15.170 11241100x800000000000000017812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.169{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\libcrypto-1_1.dll2020-11-19 13:18:15.169 11241100x800000000000000017811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.166{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\Installer.exe2020-11-19 13:18:15.166 11241100x800000000000000017810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.165{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll2020-11-19 13:18:15.165 11241100x800000000000000017809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.163{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\DllSafeCheck.dll2020-11-19 13:18:15.163 11241100x800000000000000017808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.163{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll2020-11-19 13:18:15.163 11241100x800000000000000017807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.162{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptService.exe2020-11-19 13:18:15.162 11241100x800000000000000017806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.162{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe2020-11-19 13:18:15.161 11241100x800000000000000017805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.161{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe2020-11-19 13:18:15.161 11241100x800000000000000017804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:15.160{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe2020-11-19 13:18:15.160 11241100x800000000000000017803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.159{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll2020-11-19 13:18:15.159 11241100x800000000000000017802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.158{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll2020-11-19 13:18:15.158 11241100x800000000000000017801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.157{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll2020-11-19 13:18:15.157 11241100x800000000000000017800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.157{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll2020-11-19 13:18:15.157 11241100x800000000000000017799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:15.156{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\annoter.dll2020-11-19 13:18:15.156 534500x800000000000000018286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.763{2CC55DE6-7094-5FB6-0000-0010D2202700}5748C:\Users\Administrator\Downloads\ZoomInstaller.exe 534500x800000000000000018285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.743{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe 10341000x800000000000000018284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.743{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924488C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.743{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.743{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.743{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.727{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.712{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.696{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+4686c|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.671{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+43ef1|C:\Windows\System32\SHELL32.dll+467eb|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000017999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Clients\ZoomPBX\ZoomPBX\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" 13241300x800000000000000017998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Clients\ZoomPBX\ZoomPBX\Protocols\ZoomPhoneCall\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" --url="%%l" 13241300x800000000000000017997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\ZoomPbx.zoomphonecall\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" --url="%%l" 13241300x800000000000000017996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\ZoomPhoneCall\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" --url="%%l" 13241300x800000000000000017995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\ZoomRecording\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\zTscoder.exe" "%%1" 13241300x800000000000000017994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\zoommtg\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=%%1" 13241300x800000000000000017993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\ZoomLauncher\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=%%1" 13241300x800000000000000017992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX\PublisherZoom Video Communications, Inc. 13241300x800000000000000017991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localSetValue2020-11-19 13:18:16.540{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX\URLUpdateInfohttps://zoom.us 10341000x800000000000000017990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.524{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.524{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.524{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.524{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000017986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:18:16.524{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk2020-11-19 13:18:16.524 10341000x800000000000000017985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.509{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.509{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.509{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000017982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:16.509{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000017981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:18:16.509{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk2020-11-19 13:18:16.509 11241100x800000000000000017980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:18:16.493{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom2020-11-19 13:18:16.493 11241100x800000000000000017979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.493{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zKBCrypto.dll2020-11-19 13:18:16.493 11241100x800000000000000017978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.471{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zOutlookIMUtil.dll2020-11-19 13:18:16.471 11241100x800000000000000017977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.471{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\UIBase.dll2020-11-19 13:18:16.471 11241100x800000000000000017976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.466{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\ZoomOutlookIMPlugin.exe2020-11-19 13:18:16.466 11241100x800000000000000017975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.446{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\ZoomDocConverter.exe2020-11-19 13:18:16.446 11241100x800000000000000017974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.446{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zToastNotification.dll2020-11-19 13:18:16.446 11241100x800000000000000017973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\vcruntime140.dll2020-11-19 13:18:16.430 11241100x800000000000000017972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\vccorlib140.dll2020-11-19 13:18:16.430 11241100x800000000000000017971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\ucrtbase.dll2020-11-19 13:18:16.430 11241100x800000000000000017970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msvcp140_codecvt_ids.dll2020-11-19 13:18:16.430 11241100x800000000000000017969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msvcp140_2.dll2020-11-19 13:18:16.430 11241100x800000000000000017968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msvcp140_1.dll2020-11-19 13:18:16.430 11241100x800000000000000017967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msvcp140.dll2020-11-19 13:18:16.430 11241100x800000000000000017966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\concrt140.dll2020-11-19 13:18:16.430 11241100x800000000000000017965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-utility-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-time-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-string-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-stdio-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-runtime-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-process-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-private-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-multibyte-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-math-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-locale-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-heap-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-filesystem-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-environment-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-convert-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-conio-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\API-MS-Win-core-xstate-l2-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-util-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-timezone-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-sysinfo-l1-1-0.dll2020-11-19 13:18:16.430 11241100x800000000000000017946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.430{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-synch-l1-2-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-synch-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-string-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-rtlsupport-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-profile-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-processthreads-l1-1-1.dll2020-11-19 13:18:16.415 11241100x800000000000000017940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-processthreads-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-processenvironment-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-namedpipe-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-memory-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-localization-l1-2-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-libraryloader-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-interlocked-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-heap-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-handle-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-file-l2-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-file-l1-2-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-file-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-errorhandling-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-debug-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-datetime-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-console-l1-2-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.415{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-console-l1-1-0.dll2020-11-19 13:18:16.415 11241100x800000000000000017923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.243{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zUpdater.exe2020-11-19 13:18:16.243 11241100x800000000000000017922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.243{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll2020-11-19 13:18:16.243 11241100x800000000000000017921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.227{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\aomagent.dll2020-11-19 13:18:16.227 11241100x800000000000000017920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.227{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\libmpg123.dll2020-11-19 13:18:16.227 11241100x800000000000000017919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.212{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zzhost.dll2020-11-19 13:18:16.212 11241100x800000000000000017918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.212{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptControl.exe2020-11-19 13:18:16.212 11241100x800000000000000017917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.196{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptService.exe2020-11-19 13:18:16.196 11241100x800000000000000017916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.196{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptInstall.exe2020-11-19 13:18:16.196 11241100x800000000000000017915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.196{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\asproxy.dll2020-11-19 13:18:16.196 11241100x800000000000000017914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.171{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\XmppDll.dll2020-11-19 13:18:16.171 11241100x800000000000000017913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.171{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\DuiLib.dll2020-11-19 13:18:16.171 11241100x800000000000000017912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.167{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\reslib.dll2020-11-19 13:18:16.166 11241100x800000000000000017911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.149{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\uninstall\Installer.exe2020-11-19 13:18:16.149 11241100x800000000000000017910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.149{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\annoter.dll2020-11-19 13:18:16.149 11241100x800000000000000017909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.134{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zWebService.dll2020-11-19 13:18:16.134 11241100x800000000000000017908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.118{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zVideoUI.dll2020-11-19 13:18:16.118 11241100x800000000000000017907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.087{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zVideoApp.dll2020-11-19 13:18:16.087 11241100x800000000000000017906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.071{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zTscoder.exe2020-11-19 13:18:16.071 11241100x800000000000000017905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.071{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom_launcher.exe2020-11-19 13:18:16.071 11241100x800000000000000017904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:16.071{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe2020-11-19 13:18:16.071 11241100x800000000000000017903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.065{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zmb.dll2020-11-19 13:18:16.064 11241100x800000000000000017902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.040{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zlt.dll2020-11-19 13:18:16.040 11241100x800000000000000017901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:16.024{2CC55DE6-7094-5FB6-0000-001016282700}1932C:\Users\ADMINI~1\AppData\Local\Temp\7zS4765B1C6\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zWinRes.dll2020-11-19 13:18:16.024 10341000x800000000000000018296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.666{2CC55DE6-6BC6-5FB6-0000-001085470800}44205728C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13711|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000018295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.666{2CC55DE6-6BC6-5FB6-0000-001085470800}44205728C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13624|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000018294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.666{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13d1e|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+8635|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+853f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17343|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000018293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.634{2CC55DE6-6BC6-5FB6-0000-001085470800}44205728C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13711|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000018292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.634{2CC55DE6-6BC6-5FB6-0000-001085470800}44205728C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13624|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000018291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.634{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13d1e|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+8635|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+853f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17343|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000018290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.618{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.618{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.618{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:19.618{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 11241100x800000000000000018302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:18:29.305{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk2020-11-19 13:18:16.524 10341000x800000000000000018301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:29.305{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:29.305{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:29.305{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:29.305{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:29.305{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:30.171{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000018303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:30.171{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.556{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.555{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.555{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.555{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:39.555{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.289{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.289{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.271{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.271{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.271{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.271{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.271{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70B4-5FB6-0000-00102CBF2700}5036C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.271{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-70B4-5FB6-0000-00102CBF2700}5036C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.271{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70B4-5FB6-0000-00102CBF2700}5036C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.269{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48366352C:\Windows\system32\csrss.exe{2CC55DE6-70B4-5FB6-0000-00102CBF2700}5036C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.268{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-70B4-5FB6-0000-00102CBF2700}5036C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.267{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70B4-5FB6-0000-00102CBF2700}5036C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+3c90d|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.260{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41838|C:\Windows\system32\windows.cortana.Desktop.dll+164d7|C:\Windows\system32\windows.cortana.Desktop.dll+12c8b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.260{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41550|C:\Windows\system32\windows.cortana.Desktop.dll+9248|C:\Windows\system32\windows.cortana.Desktop.dll+12c21|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.259{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924604C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.259{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924604C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f40ac|C:\Windows\System32\TwinUI.dll+f4bf7|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7c5e 10341000x800000000000000018377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f40ac|C:\Windows\System32\TwinUI.dll+f4bf7|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7c5e 10341000x800000000000000018376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.227{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9961288C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a344|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001001660000}608576C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492868C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492868C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+18985|C:\Windows\System32\TwinUI.dll+1a704|C:\Windows\System32\TwinUI.dll+1a608|C:\Windows\System32\TwinUI.dll+1ba5f|C:\Windows\System32\TwinUI.dll+1a02d|C:\Windows\System32\TwinUI.dll+1cef1|C:\Windows\System32\TwinUI.dll+40e510|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0 10341000x800000000000000018341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:44.211{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+18985|C:\Windows\System32\TwinUI.dll+1a76c|C:\Windows\System32\TwinUI.dll+1a5f5|C:\Windows\System32\TwinUI.dll+1ba5f|C:\Windows\System32\TwinUI.dll+1a02d|C:\Windows\System32\TwinUI.dll+1cef1|C:\Windows\System32\TwinUI.dll+40e510|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0 10341000x800000000000000018435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.821{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.821{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.821{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.821{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.821{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.821{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.821{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41838|C:\Windows\system32\windows.cortana.Desktop.dll+26127|C:\Windows\system32\windows.cortana.Desktop.dll+2151b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.821{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41550|C:\Windows\system32\windows.cortana.Desktop.dll+9248|C:\Windows\system32\windows.cortana.Desktop.dll+214b1|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.742{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.742{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924604C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.742{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924604C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.649{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.649{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.649{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.649{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.649{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.649{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.633{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41838|C:\Windows\system32\windows.cortana.Desktop.dll+26127|C:\Windows\system32\windows.cortana.Desktop.dll+2151b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.633{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41550|C:\Windows\system32\windows.cortana.Desktop.dll+9248|C:\Windows\system32\windows.cortana.Desktop.dll+214b1|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f40ac|C:\Windows\System32\TwinUI.dll+f4bf7|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7c5e 10341000x800000000000000018415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.371{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f40ac|C:\Windows\System32\TwinUI.dll+f4bf7|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7c5e 10341000x800000000000000018414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.370{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.369{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.369{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.369{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.369{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.369{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.369{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41838|C:\Windows\system32\windows.cortana.Desktop.dll+26127|C:\Windows\system32\windows.cortana.Desktop.dll+2151b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.368{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41550|C:\Windows\system32\windows.cortana.Desktop.dll+9248|C:\Windows\system32\windows.cortana.Desktop.dll+214b1|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924604C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924604C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\System32\execmodelclient.dll+79be|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000018401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\System32\execmodelclient.dll+791a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000018400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926724C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24926724C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924604C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:45.352{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924604C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:46.243{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:46.243{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:46.243{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:46.243{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:46.243{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:46.243{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:46.243{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41838|C:\Windows\system32\windows.cortana.Desktop.dll+26127|C:\Windows\system32\windows.cortana.Desktop.dll+2151b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:46.243{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41550|C:\Windows\system32\windows.cortana.Desktop.dll+9248|C:\Windows\system32\windows.cortana.Desktop.dll+214b1|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.617{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.571{2CC55DE6-70B7-5FB6-0000-00108BCD2700}29285352C:\Windows\system32\conhost.exe{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.571{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-70B7-5FB6-0000-00108BCD2700}2928C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.571{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.571{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041384C:\Windows\System32\svchost.exe{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\pcasvc.dll+43591|c:\windows\system32\pcasvc.dll+22bed|C:\Windows\SYSTEM32\ntdll.dll+7d87d|C:\Windows\SYSTEM32\ntdll.dll+3a979|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.539{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.539{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.539{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.539{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.539{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.539{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.539{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41838|C:\Windows\system32\windows.cortana.Desktop.dll+26127|C:\Windows\system32\windows.cortana.Desktop.dll+2151b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:47.539{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41550|C:\Windows\system32\windows.cortana.Desktop.dll+9248|C:\Windows\system32\windows.cortana.Desktop.dll+214b1|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 13241300x800000000000000018523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.289{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zupdater.exe|5b054f51f5a19518\BinProductVersion5.4.58891.1115 13241300x800000000000000018522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.289{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zupdater.exe|5b054f51f5a19518\LinkDate11/16/2020 07:10:52 13241300x800000000000000018521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.289{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zupdater.exe|5b054f51f5a19518\Publisherzoom video communications, inc. 13241300x800000000000000018520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.289{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zupdater.exe|5b054f51f5a19518\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\zupdater.exe 13241300x800000000000000018519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.289{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\ztscoder.exe|f207aed6f02056e5\BinProductVersion5.4.58891.1115 13241300x800000000000000018518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.289{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\ztscoder.exe|f207aed6f02056e5\LinkDate11/16/2020 07:15:53 13241300x800000000000000018517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.289{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\ztscoder.exe|f207aed6f02056e5\Publisherzoom video communications, inc. 13241300x800000000000000018516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.289{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\ztscoder.exe|f207aed6f02056e5\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\ztscoder.exe 13241300x800000000000000018515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoomoutlookimplu|538a3cc1a974f3ed\BinProductVersion5.4.58891.1115 13241300x800000000000000018514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoomoutlookimplu|538a3cc1a974f3ed\LinkDate11/16/2020 07:19:55 13241300x800000000000000018513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoomoutlookimplu|538a3cc1a974f3ed\Publisherzoom video communications, inc. 13241300x800000000000000018512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoomoutlookimplu|538a3cc1a974f3ed\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\zoomoutlookimplugin.exe 13241300x800000000000000018511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoomdocconverter|faa221607b3d8961\BinProductVersion5.4.58891.1115 13241300x800000000000000018510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoomdocconverter|faa221607b3d8961\LinkDate11/16/2020 07:15:18 13241300x800000000000000018509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoomdocconverter|faa221607b3d8961\Publisherzoom video communications, inc. 13241300x800000000000000018508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoomdocconverter|faa221607b3d8961\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\zoomdocconverter.exe 13241300x800000000000000018507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoom_launcher.ex|c97075cc6ca34afd\BinProductVersion5.4.58891.1115 13241300x800000000000000018506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoom_launcher.ex|c97075cc6ca34afd\LinkDate11/16/2020 07:23:36 13241300x800000000000000018505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoom_launcher.ex|c97075cc6ca34afd\Publisherzoom video communications, inc. 13241300x800000000000000018504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoom_launcher.ex|c97075cc6ca34afd\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\zoom_launcher.exe 13241300x800000000000000018503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoom.exe|824ac22ca279d8b\BinProductVersion5.4.58891.1115 13241300x800000000000000018502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoom.exe|824ac22ca279d8b\LinkDate11/16/2020 07:16:38 13241300x800000000000000018501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoom.exe|824ac22ca279d8b\Publisherzoom video communications, inc. 13241300x800000000000000018500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zoom.exe|824ac22ca279d8b\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\zoom.exe 13241300x800000000000000018499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zcrashreport.exe|3c13381c061b9392\BinProductVersion5.4.58891.1115 13241300x800000000000000018498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zcrashreport.exe|3c13381c061b9392\LinkDate11/16/2020 07:14:50 13241300x800000000000000018497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zcrashreport.exe|3c13381c061b9392\Publisher(Empty) 13241300x800000000000000018496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\zcrashreport.exe|3c13381c061b9392\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\zcrashreport.exe 13241300x800000000000000018495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\installer.exe|181d6dcb2f1b99f2\BinProductVersion5.4.58891.1115 13241300x800000000000000018494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\installer.exe|181d6dcb2f1b99f2\LinkDate11/16/2020 07:23:52 13241300x800000000000000018493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\installer.exe|181d6dcb2f1b99f2\Publisherzoom video communications, inc. 13241300x800000000000000018492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\installer.exe|181d6dcb2f1b99f2\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\installer.exe 13241300x800000000000000018491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptservice.exe|caecc129d6859c31\BinProductVersion5.4.2020.1111 13241300x800000000000000018490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptservice.exe|caecc129d6859c31\LinkDate11/16/2020 07:08:01 13241300x800000000000000018489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptservice.exe|caecc129d6859c31\Publisherzoom video communications, inc. 13241300x800000000000000018488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptservice.exe|caecc129d6859c31\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\cptservice.exe 13241300x800000000000000018487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptinstall.exe|66deffad03159876\BinProductVersion5.4.58891.1115 13241300x800000000000000018486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptinstall.exe|66deffad03159876\LinkDate11/16/2020 07:08:01 13241300x800000000000000018485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptinstall.exe|66deffad03159876\Publisherzoom video communications, inc. 13241300x800000000000000018484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptinstall.exe|66deffad03159876\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\cptinstall.exe 13241300x800000000000000018483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cpthost.exe|1ec070de03d2c25c\BinProductVersion5.4.58891.1115 13241300x800000000000000018482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cpthost.exe|1ec070de03d2c25c\LinkDate11/16/2020 07:28:33 13241300x800000000000000018481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cpthost.exe|1ec070de03d2c25c\Publisherzoom video communications, inc. 13241300x800000000000000018480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cpthost.exe|1ec070de03d2c25c\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\cpthost.exe 13241300x800000000000000018479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-VerSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptcontrol.exe|14aa4d8e8c2c42e2\BinProductVersion5.4.58891.1115 13241300x800000000000000018478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-CompileTimeClaimSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptcontrol.exe|14aa4d8e8c2c42e2\LinkDate11/16/2020 07:11:12 13241300x800000000000000018477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptcontrol.exe|14aa4d8e8c2c42e2\Publisherzoom video communications, inc. 13241300x800000000000000018476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PathSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplicationFile\cptcontrol.exe|14aa4d8e8c2c42e2\LowerCaseLongPathc:\users\administrator\appdata\roaming\zoom\bin\cptcontrol.exe 13241300x800000000000000018475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:18:48.271{2CC55DE6-70B7-5FB6-0000-001041CD2700}2632C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{d244de1e-112e-852a-8789-a719c3eb5fba}\Root\InventoryApplication\0000133a376b42a43eaccfff5e255f3f35520000ffff\PublisherZoom Video Communications, Inc. 10341000x800000000000000018474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.227{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f40ac|C:\Windows\System32\TwinUI.dll+f4bf7|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7c5e 10341000x800000000000000018473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.227{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f40ac|C:\Windows\System32\TwinUI.dll+f4bf7|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7c5e 10341000x800000000000000018472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.117{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.117{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.117{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.117{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.117{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.117{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.117{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41838|C:\Windows\system32\windows.cortana.Desktop.dll+26127|C:\Windows\system32\windows.cortana.Desktop.dll+2151b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.117{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41550|C:\Windows\system32\windows.cortana.Desktop.dll+9248|C:\Windows\system32\windows.cortana.Desktop.dll+214b1|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.071{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.071{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.071{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.071{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+1a642|C:\Windows\system32\windows.cortana.onecore.dll+16b12|C:\Windows\system32\windows.cortana.onecore.dll+16a5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.071{2CC55DE6-6BC6-5FB6-0000-001085470800}44204128C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.071{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.onecore.dll+1a5a3|C:\Windows\system32\windows.cortana.onecore.dll+6118|C:\Windows\system32\windows.cortana.onecore.dll+169b1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000018458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.071{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41838|C:\Windows\system32\windows.cortana.Desktop.dll+26127|C:\Windows\system32\windows.cortana.Desktop.dll+2151b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:48.071{2CC55DE6-6BC6-5FB6-0000-001085470800}44205368C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\windows.cortana.Desktop.dll+41792|C:\Windows\system32\windows.cortana.Desktop.dll+41550|C:\Windows\system32\windows.cortana.Desktop.dll+9248|C:\Windows\system32\windows.cortana.Desktop.dll+214b1|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000018531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:49.321{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f40ac|C:\Windows\System32\TwinUI.dll+f4bf7|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7c5e 10341000x800000000000000018530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:49.321{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925444C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f40ac|C:\Windows\System32\TwinUI.dll+f4bf7|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22b9|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+505af|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+74e0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7c5e 10341000x800000000000000018529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:49.321{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:49.321{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924456C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:49.321{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924456C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:49.321{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492868C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d966|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:49.321{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492868C:\Windows\Explorer.EXE{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d8be|C:\Windows\SYSTEM32\twinapi.appcore.dll+2d331|C:\Windows\SYSTEM32\twinapi.appcore.dll+2ec2c|C:\Windows\SYSTEM32\twinapi.appcore.dll+2c467|C:\Windows\System32\TwinUI.dll+f88c6|C:\Windows\System32\TwinUI.dll+ed067|C:\Windows\System32\TwinUI.dll+f742e|C:\Windows\System32\TwinUI.dll+f73f9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:49.321{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:50.852{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:50.852{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:50.852{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:50.852{2CC55DE6-6AC2-5FB6-0000-001001660000}6082528C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:50.711{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.805{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.805{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.805{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.805{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.805{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.805{2CC55DE6-6BC6-5FB6-0000-0010364F0800}46884736C:\Windows\system32\sihost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+1a0fc|C:\Windows\System32\modernexecserver.dll+1a09f|C:\Windows\System32\modernexecserver.dll+198f6|C:\Windows\System32\modernexecserver.dll+2c9d4|C:\Windows\System32\modernexecserver.dll+35efd|C:\Windows\System32\modernexecserver.dll+4d3a1|C:\Windows\System32\modernexecserver.dll+4d2bf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.617{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.617{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:54.617{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000018546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:55.008{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.649{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.649{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.649{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.649{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.649{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.649{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.649{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.633{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.633{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.633{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.633{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.633{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.633{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.633{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.617{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.617{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.617{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.617{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.617{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.602{2CC55DE6-70C0-5FB6-0000-0010AA352800}30285396C:\Users\Administrator\Downloads\ZoomInstaller.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+159f0b(wow64)|C:\Windows\System32\KERNELBASE.dll+159bbc(wow64)|C:\Users\Administrator\Downloads\ZoomInstaller.exe+16899|C:\Users\Administrator\Downloads\ZoomInstaller.exe+1a71a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 154100x800000000000000018574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.610{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe5,4,58891,1115Zoom InstallerZoom InstallerZoom Video Communications, Inc.Zoom Installer.\Installer.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=81F3FDB8463CD6589A119D30CE420A38,SHA256=DE47EF59CB33723AABE7463B59A27EB8B2A2F6163D815EF09F3977C30E09DABF,IMPHASH=691743EFD5C18602CE0BCE89564E206E{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe"C:\Users\Administrator\Downloads\ZoomInstaller.exe" 10341000x800000000000000018573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.602{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000018572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:56.539{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe2020-11-19 13:18:56.539 10341000x800000000000000018571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.539{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.539{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.539{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.539{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.539{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.539{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.539{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.539{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.524{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.524{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.524{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.524{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.524{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.524{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000018556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDBSetValue2020-11-19 13:18:56.508{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Downloads\ZoomInstaller.exeBinary Data 10341000x800000000000000018555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041384C:\Windows\System32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041384C:\Windows\System32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365216C:\Windows\system32\csrss.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.508{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922856C:\Windows\Explorer.EXE{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+13755f|C:\Windows\System32\windows.storage.dll+1371d5|C:\Windows\System32\windows.storage.dll+136cc6|C:\Windows\System32\windows.storage.dll+138138|C:\Windows\System32\windows.storage.dll+136aee|C:\Windows\System32\windows.storage.dll+10a3b5|C:\Windows\System32\windows.storage.dll+10a734|C:\Windows\System32\windows.storage.dll+109d70|C:\Windows\System32\windows.storage.dll+1241fa|C:\Windows\System32\windows.storage.dll+123f5a|C:\Windows\System32\SHELL32.dll+77991|C:\Windows\System32\SHELL32.dll+767f6|C:\Windows\System32\SHELL32.dll+110821|C:\Windows\System32\SHELL32.dll+7888e|C:\Windows\System32\SHELL32.dll+16d3ac|C:\Windows\System32\SHELL32.dll+16cfd3|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.513{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe5,4,0,0Zoom Meetings InstallerZoom Meetings InstallerZoom Video Communications, Inc.Zoom Meetings Installer"C:\Users\Administrator\Downloads\ZoomInstaller.exe" C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=6CE40D2DBE808ECEE4C8D9067520A982,SHA256=F2F4ACDA6482F58B83F27C8696CE13DFE7FE7D47FBEE0239AA1CC754230272A7,IMPHASH=3172002EA699E1D21A7E82DF185D7D7B{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x800000000000000018870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.899{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70C1-5FB6-0000-00106C4E2800}5792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.899{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.899{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-70C1-5FB6-0000-00106C4E2800}5792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.899{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70C1-5FB6-0000-00106C4E2800}5792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.899{2CC55DE6-70C1-5FB6-0000-00106C4E2800}5792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+233f|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3028f 10341000x800000000000000018861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+233f|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3028f 10341000x800000000000000018860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64) 10341000x800000000000000018855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000018854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+2a3895(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64) 10341000x800000000000000018827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000018826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.571{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.558{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+23e5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+301f5 10341000x800000000000000018813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.558{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+23e5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+301f5 10341000x800000000000000018812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.558{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.558{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.558{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.558{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.558{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64) 10341000x800000000000000018807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.558{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000018806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.555{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.555{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.555{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.555{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64) 10341000x800000000000000018791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000018790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64) 10341000x800000000000000018787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64) 10341000x800000000000000018786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000018785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000018784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000018783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000018782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000018781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000018780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000018779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000018778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+23e5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+301f5 10341000x800000000000000018765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+23e5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+301f5 10341000x800000000000000018764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64) 10341000x800000000000000018759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000018758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22df 10341000x800000000000000018752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000018743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000018742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+1db63d(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+1db63d(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+1db63d(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000018739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+1db63d(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000018738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64) 10341000x800000000000000018736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000018735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000018727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1cae0(wow64)|C:\Windows\System32\shcore.dll+1bb4b(wow64)|C:\Windows\System32\windows.storage.dll+1a1adc(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64)|C:\Windows\System32\windows.storage.dll+41292d(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2e76 10341000x800000000000000018725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000018724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.524{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+2e9c73(wow64) 10341000x800000000000000018723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:57.508{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+288a4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000018616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:56.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 11241100x800000000000000018928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.922{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll2020-11-19 13:18:58.922 11241100x800000000000000018927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.917{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll2020-11-19 13:18:58.917 11241100x800000000000000018926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.909{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll2020-11-19 13:18:58.909 11241100x800000000000000018925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.905{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll2020-11-19 13:18:58.904 11241100x800000000000000018924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.901{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll2020-11-19 13:18:58.900 11241100x800000000000000018923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.899{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe2020-11-19 13:18:58.899 11241100x800000000000000018922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.898{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe2020-11-19 13:18:58.898 11241100x800000000000000018921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.898{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zToastNotification.dll2020-11-19 13:18:58.898 11241100x800000000000000018920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.897{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll2020-11-19 13:18:58.897 11241100x800000000000000018919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.896{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe2020-11-19 13:18:58.896 11241100x800000000000000018918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.895{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe2020-11-19 13:18:58.894 11241100x800000000000000018917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.893{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe2020-11-19 13:18:58.893 11241100x800000000000000018916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.893{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe2020-11-19 13:18:58.892 11241100x800000000000000018915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.892{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zmb.dll2020-11-19 13:18:58.891 11241100x800000000000000018914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.889{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zlt.dll2020-11-19 13:18:58.889 11241100x800000000000000018913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.886{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll2020-11-19 13:18:58.886 11241100x800000000000000018912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.883{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zData.dll2020-11-19 13:18:58.883 11241100x800000000000000018911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.881{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.exe2020-11-19 13:18:58.881 11241100x800000000000000018910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.881{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.dll2020-11-19 13:18:58.881 11241100x800000000000000018909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.878{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll2020-11-19 13:18:58.877 11241100x800000000000000018908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.871{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll2020-11-19 13:18:58.871 11241100x800000000000000018907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.867{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll2020-11-19 13:18:58.867 11241100x800000000000000018906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.867{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll2020-11-19 13:18:58.866 11241100x800000000000000018905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.864{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\viper.dll2020-11-19 13:18:58.864 11241100x800000000000000018904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.863{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\util.dll2020-11-19 13:18:58.862 11241100x800000000000000018903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.862{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll2020-11-19 13:18:58.862 11241100x800000000000000018902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.861{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll2020-11-19 13:18:58.861 11241100x800000000000000018901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.860{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\tp.dll2020-11-19 13:18:58.860 11241100x800000000000000018900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.858{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll2020-11-19 13:18:58.858 11241100x800000000000000018899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.856{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\reslib.dll2020-11-19 13:18:58.856 11241100x800000000000000018898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.855{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\nydus.dll2020-11-19 13:18:58.855 11241100x800000000000000018897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.854{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll2020-11-19 13:18:58.854 11241100x800000000000000018896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.853{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\mcm.dll2020-11-19 13:18:58.853 11241100x800000000000000018895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.852{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\libssl-1_1.dll2020-11-19 13:18:58.852 11241100x800000000000000018894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.851{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll2020-11-19 13:18:58.851 11241100x800000000000000018893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.849{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\libcrypto-1_1.dll2020-11-19 13:18:58.849 10341000x800000000000000018892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.849{2CC55DE6-70C2-5FB6-0000-00101A522800}29444452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000018891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.847{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\Installer.exe2020-11-19 13:18:58.847 11241100x800000000000000018890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.846{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll2020-11-19 13:18:58.845 11241100x800000000000000018889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.844{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\DllSafeCheck.dll2020-11-19 13:18:58.844 11241100x800000000000000018888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.844{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll2020-11-19 13:18:58.844 11241100x800000000000000018887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.843{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptService.exe2020-11-19 13:18:58.843 11241100x800000000000000018886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.843{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe2020-11-19 13:18:58.842 11241100x800000000000000018885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.841{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe2020-11-19 13:18:58.841 11241100x800000000000000018884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:58.840{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe2020-11-19 13:18:58.840 11241100x800000000000000018883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.839{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll2020-11-19 13:18:58.839 11241100x800000000000000018882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.838{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll2020-11-19 13:18:58.838 11241100x800000000000000018881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.837{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll2020-11-19 13:18:58.837 11241100x800000000000000018880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.837{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll2020-11-19 13:18:58.837 11241100x800000000000000018879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:58.836{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\zoom_install_src\annoter.dll2020-11-19 13:18:58.836 10341000x800000000000000018878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.682{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70C2-5FB6-0000-00101A522800}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.681{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.681{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-70C2-5FB6-0000-00101A522800}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.680{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70C2-5FB6-0000-00101A522800}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:58.680{2CC55DE6-70C2-5FB6-0000-00101A522800}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000019146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:59.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom_launcher.exe2020-11-19 13:18:59.992 11241100x800000000000000019145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:59.977{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe2020-11-19 13:18:59.977 11241100x800000000000000019144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.977{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zmb.dll2020-11-19 13:18:59.977 11241100x800000000000000019143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.951{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zlt.dll2020-11-19 13:18:59.951 11241100x800000000000000019142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.950{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zWinRes.dll2020-11-19 13:18:59.950 11241100x800000000000000019141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.914{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zData.dll2020-11-19 13:18:59.914 11241100x800000000000000019140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:59.899{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zCrashReport.exe2020-11-19 13:18:59.899 11241100x800000000000000019139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.899{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zCrashReport.dll2020-11-19 13:18:59.883 11241100x800000000000000019138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.883{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll2020-11-19 13:18:59.883 11241100x800000000000000019137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.846{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll2020-11-19 13:18:59.845 11241100x800000000000000019136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.820{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zAutoUpdate.dll2020-11-19 13:18:59.820 11241100x800000000000000019135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.805{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\viper.dll2020-11-19 13:18:59.805 11241100x800000000000000019134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.789{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\util.dll2020-11-19 13:18:59.789 11241100x800000000000000019133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.789{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\turbojpeg.dll2020-11-19 13:18:59.789 11241100x800000000000000019132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.774{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\tp.dll2020-11-19 13:18:59.774 11241100x800000000000000019131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.774{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\libssl-1_1.dll2020-11-19 13:18:59.774 11241100x800000000000000019130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.751{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\ssb_sdk.dll2020-11-19 13:18:59.751 11241100x800000000000000019129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.751{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\nydus.dll2020-11-19 13:18:59.751 11241100x800000000000000019128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.744{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\mcm.dll2020-11-19 13:18:59.744 11241100x800000000000000019127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.727{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\libcrypto-1_1.dll2020-11-19 13:18:59.727 11241100x800000000000000019126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:59.711{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Installer.exe2020-11-19 13:18:59.711 11241100x800000000000000019125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.695{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll2020-11-19 13:18:59.695 11241100x800000000000000019124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:59.695{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptHost.exe2020-11-19 13:18:59.695 11241100x800000000000000019123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.680{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Cmmlib.dll2020-11-19 13:18:59.680 11241100x800000000000000019122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.680{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CmmBrowserEngine.dll2020-11-19 13:18:59.680 11241100x800000000000000019121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:18:59.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msaalib.dll2020-11-19 13:18:59.664 10341000x800000000000000019120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311 10341000x800000000000000019119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311 10341000x800000000000000019118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d 10341000x800000000000000019116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d 10341000x800000000000000019115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d 10341000x800000000000000019114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64) 10341000x800000000000000019113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000019112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b 10341000x800000000000000019111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b 10341000x800000000000000019110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000019108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b 10341000x800000000000000019107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b 10341000x800000000000000019106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000019104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000019101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64) 10341000x800000000000000019097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64) 10341000x800000000000000019093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64) 10341000x800000000000000019092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000019073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d 10341000x800000000000000019071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d 10341000x800000000000000019070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d 10341000x800000000000000019067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+37f9d 10341000x800000000000000019066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+385b4|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+29c0e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.349{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70C3-5FB6-0000-0010BA582800}5744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.348{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.348{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.347{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.347{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.347{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-70C3-5FB6-0000-0010BA582800}5744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.347{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70C3-5FB6-0000-0010BA582800}5744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.346{2CC55DE6-70C3-5FB6-0000-0010BA582800}5744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3853b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38531|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38527|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+3851d|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38513|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+38509|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000018929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:18:59.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+388fa|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+384fd|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28e11|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+259cb|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+25765|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+566ca 10341000x800000000000000019896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.899{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 534500x800000000000000019842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.846{2CC55DE6-70C0-5FB6-0000-0010AA352800}3028C:\Users\Administrator\Downloads\ZoomInstaller.exe 534500x800000000000000019841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.839{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe 10341000x800000000000000019840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\seclogon.dll+17dc|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe5,4,58891,1115Zoom MeetingsZoomZoom Video Communications, Inc.ZoomC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeC:\Windows\system32\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=7FE1C23F193D7455E1E259C17A7E9309,SHA256=EC75B4BA6AC299D5785A9ECD2FE1EF0271FA394860E6B7B3276D5F0E52F1031D,IMPHASH=ACEFBBC71EA20411A686BCA9E00A2FE2{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe.\Installer.exe 10341000x800000000000000019832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.820{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.805{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\System32\TokenBroker.dll+1acfa|C:\Windows\System32\TokenBroker.dll+1d475|C:\Windows\System32\TokenBroker.dll+1d7f9|C:\Windows\System32\TokenBroker.dll+1e8f3|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5fc83|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+5086c|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce 10341000x800000000000000019830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.805{2CC55DE6-6BC6-5FB6-0000-001085470800}44204192C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\System32\TokenBroker.dll+21886|C:\Windows\System32\TokenBroker.dll+1ac23|C:\Windows\System32\TokenBroker.dll+1d475|C:\Windows\System32\TokenBroker.dll+1d7f9|C:\Windows\System32\TokenBroker.dll+1e8f3|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5fc83|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+5086c|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d 10341000x800000000000000019829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.789{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001006A22800}5712C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.789{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-70C4-5FB6-0000-001006A22800}5712C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.789{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001006A22800}5712C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.789{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\seclogon.dll+1404|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.789{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe0x14c0C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\seclogon.dll+128d|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1534|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+15fe|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+17ba|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+110e3|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+27012|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2905a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28db2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64) 10341000x800000000000000019821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f9c|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28db2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64) 10341000x800000000000000019820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f9c|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28db2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+cc54(wow64)|C:\Windows\System32\USER32.dll+ca10(wow64) 10341000x800000000000000019819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f9c|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28db2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877 10341000x800000000000000019818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f9c|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28db2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+22c14|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d877|C:\Windows\System32\USER32.dll+2d2d3(wow64) 10341000x800000000000000019817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f8c|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28db2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2 10341000x800000000000000019816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f8c|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28db2|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+280b2 10341000x800000000000000019815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1dfe4f(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945 10341000x800000000000000019813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f167(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945 10341000x800000000000000019812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\SHELL32.dll+12f0e8(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945 10341000x800000000000000019811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64) 10341000x800000000000000019810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.664{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\SHELL32.dll+12f0d3(wow64)|C:\Windows\System32\SHELL32.dll+12ee0c(wow64)|C:\Windows\System32\SHELL32.dll+16489d(wow64)|C:\Windows\System32\windows.storage.dll+10a65e(wow64)|C:\Windows\System32\windows.storage.dll+10a1d3(wow64)|C:\Windows\System32\windows.storage.dll+1e03bd(wow64)|C:\Windows\System32\windows.storage.dll+1dfcb9(wow64)|C:\Windows\System32\windows.storage.dll+d9628(wow64) 10341000x800000000000000019809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f8c 10341000x800000000000000019808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f8c 10341000x800000000000000019807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0857(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000019805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f8c 10341000x800000000000000019804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+28f8c 10341000x800000000000000019803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0838(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64) 10341000x800000000000000019801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000019798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf96(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64) 10341000x800000000000000019794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dc41e(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64) 10341000x800000000000000019790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+dcd0b(wow64)|C:\Windows\System32\windows.storage.dll+dc400(wow64)|C:\Windows\System32\windows.storage.dll+d9868(wow64)|C:\Windows\System32\windows.storage.dll+1dd3c7(wow64)|C:\Windows\System32\windows.storage.dll+1dde84(wow64) 10341000x800000000000000019789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.651{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.650{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.649{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.649{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.648{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.633{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.617{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64) 10341000x800000000000000019275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1de651(wow64)|C:\Windows\System32\windows.storage.dll+1e495e(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64) 10341000x800000000000000019273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64)|C:\Windows\System32\windows.storage.dll+1dde04(wow64)|C:\Windows\System32\windows.storage.dll+da11b(wow64)|C:\Windows\System32\windows.storage.dll+1de038(wow64) 10341000x800000000000000019271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64) 10341000x800000000000000019270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+1fe249(wow64)|C:\Windows\System32\windows.storage.dll+1db5e1(wow64)|C:\Windows\System32\windows.storage.dll+1e491f(wow64)|C:\Windows\System32\windows.storage.dll+1dc7ee(wow64)|C:\Windows\System32\windows.storage.dll+1dc1f0(wow64) 10341000x800000000000000019269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a 10341000x800000000000000019267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64) 10341000x800000000000000019266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1ddf43(wow64)|C:\Windows\System32\windows.storage.dll+1e16d0(wow64)|C:\Windows\System32\windows.storage.dll+1e099b(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945 10341000x800000000000000019264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945 10341000x800000000000000019263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0954(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945 10341000x800000000000000019260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64)|C:\Windows\System32\windows.storage.dll+f8ff1(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2d5a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+30945 10341000x800000000000000019259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64) 10341000x800000000000000019258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.602{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761156C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bf845(wow64)|C:\Windows\System32\windows.storage.dll+1bf8d7(wow64)|C:\Windows\System32\windows.storage.dll+1e0ac3(wow64)|C:\Windows\System32\windows.storage.dll+1e0a73(wow64)|C:\Windows\System32\windows.storage.dll+1e0933(wow64)|C:\Windows\System32\windows.storage.dll+1e056e(wow64)|C:\Windows\System32\windows.storage.dll+d96a9(wow64) 10341000x800000000000000019257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.550{2CC55DE6-70C4-5FB6-0000-0010D78D2800}53285464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000019256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:19:00.544{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Clients\ZoomPBX\ZoomPBX\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" 13241300x800000000000000019255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:19:00.544{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Clients\ZoomPBX\ZoomPBX\Protocols\ZoomPhoneCall\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" --url="%%l" 13241300x800000000000000019254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:19:00.543{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\ZoomPbx.zoomphonecall\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" --url="%%l" 13241300x800000000000000019253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:19:00.543{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\ZoomPhoneCall\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" --url="%%l" 13241300x800000000000000019252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:19:00.541{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\ZoomRecording\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\zTscoder.exe" "%%1" 13241300x800000000000000019251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:19:00.541{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\zoommtg\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=%%1" 13241300x800000000000000019250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT1042SetValue2020-11-19 13:19:00.540{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500_Classes\ZoomLauncher\shell\open\command\(Default)"C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=%%1" 13241300x800000000000000019249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localInvDB-PubSetValue2020-11-19 13:19:00.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX\PublisherZoom Video Communications, Inc. 13241300x800000000000000019248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localSetValue2020-11-19 13:19:00.539{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeHKU\S-1-5-21-547558961-129183590-1786388743-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX\URLUpdateInfohttps://zoom.us 10341000x800000000000000019247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f23a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f7e8 10341000x800000000000000019246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f23a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f7e8 10341000x800000000000000019245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b 10341000x800000000000000019244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8 10341000x800000000000000019243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f23a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f7e8 10341000x800000000000000019242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f23a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f7e8 10341000x800000000000000019241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b 10341000x800000000000000019240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8 11241100x800000000000000019239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:19:00.477{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk2020-11-19 13:19:00.477 10341000x800000000000000019238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f23a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f7e8 10341000x800000000000000019237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f23a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f7e8 10341000x800000000000000019236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b 10341000x800000000000000019235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05e0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8 10341000x800000000000000019234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f23a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f7e8 10341000x800000000000000019233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f23a|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f311|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f7e8 10341000x800000000000000019232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b 10341000x800000000000000019231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}68761284C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+c05d0(wow64)|C:\Windows\System32\windows.storage.dll+c044b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+1196e|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+381b5|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2ee9b|C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exe+2f1e8 11241100x800000000000000019230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:19:00.430{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk2020-11-19 13:19:00.430 11241100x800000000000000019229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localT10232020-11-19 13:19:00.414{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom2020-11-19 13:19:00.414 11241100x800000000000000019228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.414{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zKBCrypto.dll2020-11-19 13:19:00.414 11241100x800000000000000019227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.399{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zOutlookIMUtil.dll2020-11-19 13:19:00.399 11241100x800000000000000019226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.383{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\UIBase.dll2020-11-19 13:19:00.383 11241100x800000000000000019225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:19:00.383{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\ZoomOutlookIMPlugin.exe2020-11-19 13:19:00.383 10341000x800000000000000019224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.383{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.383{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.383{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.383{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.383{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.383{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.383{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7097-5FB6-0000-001003422700}5328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.384{2CC55DE6-70C4-5FB6-0000-0010D78D2800}5328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000019216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:19:00.367{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\ZoomDocConverter.exe2020-11-19 13:19:00.367 11241100x800000000000000019215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.367{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zToastNotification.dll2020-11-19 13:19:00.367 11241100x800000000000000019214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\vcruntime140.dll2020-11-19 13:19:00.351 11241100x800000000000000019213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\vccorlib140.dll2020-11-19 13:19:00.351 11241100x800000000000000019212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\ucrtbase.dll2020-11-19 13:19:00.351 11241100x800000000000000019211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msvcp140_codecvt_ids.dll2020-11-19 13:19:00.351 11241100x800000000000000019210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msvcp140_2.dll2020-11-19 13:19:00.351 11241100x800000000000000019209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msvcp140_1.dll2020-11-19 13:19:00.351 11241100x800000000000000019208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\msvcp140.dll2020-11-19 13:19:00.351 11241100x800000000000000019207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\concrt140.dll2020-11-19 13:19:00.351 11241100x800000000000000019206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-utility-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-time-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-string-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-stdio-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-runtime-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-process-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-private-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-multibyte-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-math-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-locale-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-heap-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-filesystem-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-environment-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-convert-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-crt-conio-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\API-MS-Win-core-xstate-l2-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-util-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-timezone-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-sysinfo-l1-1-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-synch-l1-2-0.dll2020-11-19 13:19:00.351 11241100x800000000000000019186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.351{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-synch-l1-1-0.dll2020-11-19 13:19:00.350 11241100x800000000000000019185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.350{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-string-l1-1-0.dll2020-11-19 13:19:00.350 11241100x800000000000000019184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.350{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-rtlsupport-l1-1-0.dll2020-11-19 13:19:00.350 11241100x800000000000000019183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.349{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-profile-l1-1-0.dll2020-11-19 13:19:00.349 11241100x800000000000000019182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.349{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-processthreads-l1-1-1.dll2020-11-19 13:19:00.349 11241100x800000000000000019181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.349{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-processthreads-l1-1-0.dll2020-11-19 13:19:00.349 11241100x800000000000000019180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.348{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-processenvironment-l1-1-0.dll2020-11-19 13:19:00.347 11241100x800000000000000019179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.347{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-namedpipe-l1-1-0.dll2020-11-19 13:19:00.347 11241100x800000000000000019178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.346{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-memory-l1-1-0.dll2020-11-19 13:19:00.346 11241100x800000000000000019177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.346{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-localization-l1-2-0.dll2020-11-19 13:19:00.346 11241100x800000000000000019176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.346{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-libraryloader-l1-1-0.dll2020-11-19 13:19:00.345 11241100x800000000000000019175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.345{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-interlocked-l1-1-0.dll2020-11-19 13:19:00.345 11241100x800000000000000019174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.345{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-heap-l1-1-0.dll2020-11-19 13:19:00.345 11241100x800000000000000019173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.344{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-handle-l1-1-0.dll2020-11-19 13:19:00.344 11241100x800000000000000019172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.343{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-file-l2-1-0.dll2020-11-19 13:19:00.343 11241100x800000000000000019171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.343{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-file-l1-2-0.dll2020-11-19 13:19:00.343 11241100x800000000000000019170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.343{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-file-l1-1-0.dll2020-11-19 13:19:00.342 11241100x800000000000000019169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.342{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-errorhandling-l1-1-0.dll2020-11-19 13:19:00.342 11241100x800000000000000019168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.342{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-debug-l1-1-0.dll2020-11-19 13:19:00.342 11241100x800000000000000019167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.341{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-datetime-l1-1-0.dll2020-11-19 13:19:00.341 11241100x800000000000000019166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.341{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-console-l1-2-0.dll2020-11-19 13:19:00.341 11241100x800000000000000019165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.341{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\api-ms-win-core-console-l1-1-0.dll2020-11-19 13:19:00.340 11241100x800000000000000019164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:19:00.164{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zUpdater.exe2020-11-19 13:19:00.164 11241100x800000000000000019163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.151{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll2020-11-19 13:19:00.151 11241100x800000000000000019162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.150{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\aomagent.dll2020-11-19 13:19:00.150 11241100x800000000000000019161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.133{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\libmpg123.dll2020-11-19 13:19:00.133 11241100x800000000000000019160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.133{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zzhost.dll2020-11-19 13:19:00.133 11241100x800000000000000019159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:19:00.117{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptControl.exe2020-11-19 13:19:00.117 11241100x800000000000000019158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:19:00.117{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptService.exe2020-11-19 13:19:00.117 11241100x800000000000000019157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:19:00.117{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\CptInstall.exe2020-11-19 13:19:00.117 11241100x800000000000000019156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\asproxy.dll2020-11-19 13:19:00.102 11241100x800000000000000019155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.102{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\XmppDll.dll2020-11-19 13:19:00.102 11241100x800000000000000019154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.086{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\DuiLib.dll2020-11-19 13:19:00.086 11241100x800000000000000019153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.070{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\reslib.dll2020-11-19 13:19:00.070 11241100x800000000000000019152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:19:00.070{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\uninstall\Installer.exe2020-11-19 13:19:00.070 11241100x800000000000000019151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.051{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\annoter.dll2020-11-19 13:19:00.051 11241100x800000000000000019150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.051{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zWebService.dll2020-11-19 13:19:00.051 11241100x800000000000000019149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.024{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zVideoUI.dll2020-11-19 13:19:00.024 11241100x800000000000000019148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localDLL2020-11-19 13:19:00.008{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zVideoApp.dll2020-11-19 13:19:00.008 11241100x800000000000000019147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localEXE2020-11-19 13:18:59.992{2CC55DE6-70C0-5FB6-0000-0010503A2800}6876C:\Users\ADMINI~1\AppData\Local\Temp\7zS4DBDF6D7\Installer.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\zTscoder.exe2020-11-19 13:18:59.992 10341000x800000000000000020026Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.930{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020025Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.839{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70C5-5FB6-0000-001003E62800}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020024Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.838{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020023Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.838{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020022Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.838{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020021Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.838{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020020Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.837{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-70C5-5FB6-0000-001003E62800}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020019Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.837{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70C5-5FB6-0000-001003E62800}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020018Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.837{2CC55DE6-70C5-5FB6-0000-001003E62800}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020017Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.320{2CC55DE6-70C5-5FB6-0000-00104DBA2800}57644336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020016Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.164{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70C5-5FB6-0000-00104DBA2800}5764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020015Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.164{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020014Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.164{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020013Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.164{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020012Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.164{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020011Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.164{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-70C5-5FB6-0000-00104DBA2800}5764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020010Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.164{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70C5-5FB6-0000-00104DBA2800}5764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020009Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.165{2CC55DE6-70C5-5FB6-0000-00104DBA2800}5764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020008Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020007Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020006Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020005Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020004Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020003Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020002Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020001Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020000Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019999Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019998Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019997Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019996Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019995Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019994Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019993Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019992Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019991Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019990Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019989Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019988Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019987Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.008{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000019897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:00.992{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020053Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.951{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfdc9(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+e3f1d(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2dee95(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2df214(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2d5eea(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+cd5c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+77e8 10341000x800000000000000020052Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.951{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1ec1c(wow64)|C:\Windows\System32\windows.storage.dll+1bfcfc(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+e3f1d(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2dee95(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2df214(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2d5eea(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+cd5c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+77e8 10341000x800000000000000020051Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.951{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+e3f1d(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2dee95(wow64) 10341000x800000000000000020050Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.951{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1bfce7(wow64)|C:\Windows\System32\windows.storage.dll+1bfbc5(wow64)|C:\Windows\System32\windows.storage.dll+1bfa26(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+e3f1d(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2dee95(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2df214(wow64) 10341000x800000000000000020049Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.951{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1cbc8(wow64)|C:\Windows\System32\shcore.dll+1cae0(wow64)|C:\Windows\System32\shcore.dll+1bb4b(wow64)|C:\Windows\System32\windows.storage.dll+1a1adc(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+e3f1d(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2dee95(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2df214(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2d5eea(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+cd5c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+77e8 10341000x800000000000000020048Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.951{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1cc0a(wow64)|C:\Windows\System32\shcore.dll+1bf0b(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+e3f1d(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2dee95(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2df214(wow64) 10341000x800000000000000020047Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.951{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+1be71(wow64)|C:\Windows\System32\shcore.dll+1bee6(wow64)|C:\Windows\System32\shcore.dll+1bba2(wow64)|C:\Windows\System32\shcore.dll+1bae0(wow64)|C:\Windows\System32\shcore.dll+1ba15(wow64)|C:\Windows\System32\windows.storage.dll+1a1ace(wow64)|C:\Windows\System32\windows.storage.dll+1bfb38(wow64)|C:\Windows\System32\windows.storage.dll+e4a77(wow64)|C:\Windows\System32\windows.storage.dll+e499e(wow64)|C:\Windows\System32\windows.storage.dll+e3f1d(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2dee95(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2df214(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatUI.dll+2d5eea(wow64) 10341000x800000000000000020046Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.914{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+519e0|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020045Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.914{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e75c0|C:\Windows\System32\SHELL32.dll+5199c|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020044Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.914{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020043Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.914{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020042Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.851{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020041Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.649{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020040Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.633{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020039Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.570{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925252C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+514bf|C:\Windows\System32\SHELL32.dll+52065|C:\Windows\Explorer.EXE+58884|C:\Windows\Explorer.EXE+57ec1|C:\Windows\Explorer.EXE+55ed3|C:\Windows\Explorer.EXE+5516c|C:\Windows\Explorer.EXE+52713|C:\Windows\Explorer.EXE+4747d|C:\Windows\Explorer.EXE+458a2|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDB0BB1F)|UNKNOWN(FFFFE7DBCDAB2402)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e 10341000x800000000000000020038Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.570{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925252C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+51f7e|C:\Windows\Explorer.EXE+58884|C:\Windows\Explorer.EXE+57ec1|C:\Windows\Explorer.EXE+55ed3|C:\Windows\Explorer.EXE+5516c|C:\Windows\Explorer.EXE+52713|C:\Windows\Explorer.EXE+4747d|C:\Windows\Explorer.EXE+458a2|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDB0BB1F)|UNKNOWN(FFFFE7DBCDAB2402)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\Explorer.EXE+4d3fa 10341000x800000000000000020037Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.570{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925252C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+58884|C:\Windows\Explorer.EXE+57ec1|C:\Windows\Explorer.EXE+55ed3|C:\Windows\Explorer.EXE+5516c|C:\Windows\Explorer.EXE+52713|C:\Windows\Explorer.EXE+4747d|C:\Windows\Explorer.EXE+458a2|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDB0BB1F)|UNKNOWN(FFFFE7DBCDAB2402)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e 10341000x800000000000000020036Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.151{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020035Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.151{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020034Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.149{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11366652C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020033Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.133{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020032Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.117{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020031Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.117{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020030Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.117{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020029Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.117{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020028Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.117{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020027Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:01.992{2CC55DE6-70C5-5FB6-0000-001003E62800}53845876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020076Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.523{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020075Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.523{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020074Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.523{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000020073Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.523{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000020072Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.477{2CC55DE6-6BC6-5FB6-0000-001085470800}44205284C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13711|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000020071Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.477{2CC55DE6-6BC6-5FB6-0000-001085470800}44205284C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13624|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000020070Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.477{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13d1e|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+8635|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+853f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17343|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7 354300x800000000000000020069Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:01.093{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local61990false127.0.0.1win-dc-480.attackrange.local61989 354300x800000000000000020068Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:01.093{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local61990false127.0.0.1win-dc-480.attackrange.local61989 10341000x800000000000000020067Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.351{2CC55DE6-6BC6-5FB6-0000-001085470800}44205284C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13711|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000020066Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.351{2CC55DE6-6BC6-5FB6-0000-001085470800}44205284C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13624|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7bdd|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+7d23|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\RPCRT4.dll+614ab|C:\Windows\System32\combase.dll+53b7c|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+924ab|C:\Windows\System32\combase.dll+938c2|C:\Windows\System32\combase.dll+51ca3|C:\Windows\System32\combase.dll+939dd|C:\Windows\System32\combase.dll+507df|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+4da86|C:\Windows\System32\combase.dll+4d1ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16121 10341000x800000000000000020065Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.351{2CC55DE6-6BC6-5FB6-0000-001085470800}44205948C:\Windows\System32\RuntimeBroker.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\System32\combase.dll+50a2b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+13d1e|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+8635|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+853f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17343|C:\Windows\System32\combase.dll+364fa|C:\Windows\System32\combase.dll+2d1ed|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fc69|C:\Windows\System32\combase.dll+22df|C:\Windows\System32\combase.dll+53b83|C:\Windows\System32\combase.dll+53832|C:\Windows\System32\combase.dll+51958|C:\Windows\System32\combase.dll+4fecd|C:\Windows\System32\combase.dll+4f5af|C:\Windows\System32\combase.dll+6d9f9|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+523ce|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000020064Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.023{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925564C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020063Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.023{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020062Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.008{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020061Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.008{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70C7-5FB6-0000-0010F0FE2800}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020060Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.008{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020059Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.008{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020058Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.008{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020057Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.008{2CC55DE6-6AC2-5FB6-0000-001001660000}6084984C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020056Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.008{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-70C7-5FB6-0000-0010F0FE2800}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020055Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.008{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70C7-5FB6-0000-0010F0FE2800}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020054Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.009{2CC55DE6-70C7-5FB6-0000-0010F0FE2800}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000020080Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:02.637{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local61994false127.0.0.1win-dc-480.attackrange.local61993 354300x800000000000000020079Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:02.637{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local61994false127.0.0.1win-dc-480.attackrange.local61993 354300x800000000000000020078Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:02.624{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local61992false127.0.0.1win-dc-480.attackrange.local61991 354300x800000000000000020077Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:02.624{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local61992false127.0.0.1win-dc-480.attackrange.local61991 354300x800000000000000020082Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:02.867{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local61996false52.202.62.196ec2-52-202-62-196.compute-1.amazonaws.com443https 354300x800000000000000020081Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:02.742{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local61995false52.202.62.196ec2-52-202-62-196.compute-1.amazonaws.com443https 10341000x800000000000000020264Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.789{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020263Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020262Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020261Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020260Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020259Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020258Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020257Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020256Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020255Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020254Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020253Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020252Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020251Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.617{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020250Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020249Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020248Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020247Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020246Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020245Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020244Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020243Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020242Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020241Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020240Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020239Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020238Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020237Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020236Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020235Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020234Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020233Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020232Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020231Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020230Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020229Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020228Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020227Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020226Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020225Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020224Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020223Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020222Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020221Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020220Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020219Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020218Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020217Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020216Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020215Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020214Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020213Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020212Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020211Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020210Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020209Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020208Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020207Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020206Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020205Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020204Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020203Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020202Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020201Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020200Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020199Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020198Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020197Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020196Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020195Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020194Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020193Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020192Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020191Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020190Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020189Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020188Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020187Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020186Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020185Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020184Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020183Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020182Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020181Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020180Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020179Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020178Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020177Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020176Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020175Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020174Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020173Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020172Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020171Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020170Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020169Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020168Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020167Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020166Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020165Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020164Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020163Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020162Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020161Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020160Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020159Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020158Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020157Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020156Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020155Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020154Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020153Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020152Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.602{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020151Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020150Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020149Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020148Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020147Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020146Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020145Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020144Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020143Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020142Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020141Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020140Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020139Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020138Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020137Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020136Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020135Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020134Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020133Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020132Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020131Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020130Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020129Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020128Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020127Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020126Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020125Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020124Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020123Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020122Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020121Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020120Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020119Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020118Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.508{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020117Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020116Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020115Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020114Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020113Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020112Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020111Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020110Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020109Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020108Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020107Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020106Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020105Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020104Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020103Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020102Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020101Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020100Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020099Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020098Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020097Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.492{2CC55DE6-70CA-5FB6-0000-001076182900}55004428C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020096Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.477{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020095Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.477{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020094Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.477{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020093Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.477{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020092Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.477{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48366352C:\Windows\system32\csrss.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020091Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.477{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+18260|C:\Windows\System32\wow64win.dll+1ccb|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAA62DC)|UNKNOWN(FFFFE7DBCDC06829)|UNKNOWN(FFFFE7DBCDB23120)|UNKNOWN(FFFFE7DBCDAAB4DB)|UNKNOWN(FFFFE7DBCDAAA1DA)|UNKNOWN(FFFFE7DBCDAB578B)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\wow64win.dll+f5f4|C:\Windows\System32\wow64win.dll+58e2|C:\Windows\System32\wow64win.dll+5b7e|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87 154100x800000000000000020090Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.484{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe5,4,58891,1115Zoom MeetingsZoomZoom Video Communications, Inc.ZoomC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe --action=preload --runaszvideo=TRUE C:\Windows\system32\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=7FE1C23F193D7455E1E259C17A7E9309,SHA256=EC75B4BA6AC299D5785A9ECD2FE1EF0271FA394860E6B7B3276D5F0E52F1031D,IMPHASH=ACEFBBC71EA20411A686BCA9E00A2FE2{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 10341000x800000000000000020089Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:06.477{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000020088Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:03.965{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-480.attackrange.local18329false147.124.109.2453479 354300x800000000000000020087Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:03.902{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-480.attackrange.local18329false147.124.109.2453478 354300x800000000000000020086Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:03.855{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-480.attackrange.local18329false149.137.84.303478 22542200x800000000000000020085Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:03.700{2CC55DE6-70C4-5FB6-0000-001096A42800}1632win-dc-480010.0.1.14;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020084Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.640{2CC55DE6-70C4-5FB6-0000-001096A42800}1632zoom.us0::ffff:52.202.62.196;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020083Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:02.526{2CC55DE6-70C4-5FB6-0000-001096A42800}1632wpad9003C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 10341000x800000000000000020270Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:07.273{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020269Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:07.102{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020268Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:07.102{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020267Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:07.102{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020266Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:07.102{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+12cc|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020265Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:07.102{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020278Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:08.695{2CC55DE6-6AC1-5FB6-0000-001036540000}86096C:\Windows\system32\lsass.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020277Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:08.695{2CC55DE6-6AC1-5FB6-0000-001036540000}86096C:\Windows\system32\lsass.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020276Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:08.617{2CC55DE6-6AD3-5FB6-0000-001065C50200}30963512C:\Windows\sysmon64.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+15618|C:\Windows\sysmon64.exe+16062|C:\Windows\sysmon64.exe+16487|C:\Windows\sysmon64.exe+1991e|C:\Windows\sysmon64.exe+1b8c4|C:\Windows\sysmon64.exe+1bb9f|C:\Windows\sysmon64.exe+1bcb5|C:\Windows\sysmon64.exe+a7d09|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000020275Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:06.344{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local61999false127.0.0.1win-dc-480.attackrange.local61998 10341000x800000000000000020274Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:08.617{2CC55DE6-6AD3-5FB6-0000-001065C50200}30963512C:\Windows\sysmon64.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\sysmon64.exe+2515c|C:\Windows\sysmon64.exe+1b75d|C:\Windows\sysmon64.exe+1bb9f|C:\Windows\sysmon64.exe+1bcb5|C:\Windows\sysmon64.exe+a7d09|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000020273Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:06.344{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local61999false127.0.0.1win-dc-480.attackrange.local61998 10341000x800000000000000020272Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:08.617{2CC55DE6-6AD3-5FB6-0000-001065C50200}30963512C:\Windows\sysmon64.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+15618|C:\Windows\sysmon64.exe+16062|C:\Windows\sysmon64.exe+16487|C:\Windows\sysmon64.exe+1991e|C:\Windows\sysmon64.exe+1b8c4|C:\Windows\sysmon64.exe+1bb9f|C:\Windows\sysmon64.exe+1bcb5|C:\Windows\sysmon64.exe+a7d09|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020271Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:08.617{2CC55DE6-6AD3-5FB6-0000-001065C50200}30963512C:\Windows\sysmon64.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\sysmon64.exe+2515c|C:\Windows\sysmon64.exe+1b75d|C:\Windows\sysmon64.exe+1bb9f|C:\Windows\sysmon64.exe+1bcb5|C:\Windows\sysmon64.exe+a7d09|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020282Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:10.271{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020281Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:10.271{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020280Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:10.271{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020279Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:10.271{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925072C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020285Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:11.820{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-702E-5FB6-0000-0010C68C2500}2652C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b44437|C:\Program Files\Mozilla Firefox\xul.dll+a188c6|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020284Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:11.820{2CC55DE6-702A-5FB6-0000-0010DF0A2500}69006608C:\Program Files\Mozilla Firefox\firefox.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+11a31c1|C:\Program Files\Mozilla Firefox\xul.dll+2b4496d|C:\Program Files\Mozilla Firefox\xul.dll+2b44437|C:\Program Files\Mozilla Firefox\xul.dll+a188c6|C:\Program Files\Mozilla Firefox\xul.dll+a0dc82|C:\Program Files\Mozilla Firefox\xul.dll+a138dd|C:\Program Files\Mozilla Firefox\xul.dll+3ab63|C:\Program Files\Mozilla Firefox\xul.dll+f0fb26|C:\Program Files\Mozilla Firefox\xul.dll+ee5def|C:\Program Files\Mozilla Firefox\xul.dll+e10e|C:\Program Files\Mozilla Firefox\xul.dll+1cb0e8|C:\Program Files\Mozilla Firefox\xul.dll+1ca41f|C:\Program Files\Mozilla Firefox\xul.dll+3ccc8b9|C:\Program Files\Mozilla Firefox\xul.dll+3d8074c|C:\Program Files\Mozilla Firefox\xul.dll+3d81ec8|C:\Program Files\Mozilla Firefox\xul.dll+3d82393|C:\Program Files\Mozilla Firefox\firefox.exe+159b|C:\Program Files\Mozilla Firefox\firefox.exe+5a458|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000020283Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:08.201{2CC55DE6-70CA-5FB6-0000-001076182900}5500wpad9003C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 10341000x800000000000000020290Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:13.195{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020289Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:13.195{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020288Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:13.195{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020287Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:13.195{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020286Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:13.195{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020293Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:37.851{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020292Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:37.851{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020291Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:37.851{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020299Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:40.898{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020298Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:40.898{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020297Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:40.898{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020296Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:40.882{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020295Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:40.882{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020294Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:40.382{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000020309Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:40.006{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62013false52.202.62.232ec2-52-202-62-232.compute-1.amazonaws.com443https 354300x800000000000000020308Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:39.991{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62010false3.235.96.222ec2-3-235-96-222.compute-1.amazonaws.com443https 354300x800000000000000020307Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:39.902{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local62012false127.0.0.1win-dc-480.attackrange.local62011 354300x800000000000000020306Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:39.902{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local62012false127.0.0.1win-dc-480.attackrange.local62011 354300x800000000000000020305Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:39.886{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local62009false127.0.0.1win-dc-480.attackrange.local62008 354300x800000000000000020304Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:39.886{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local62009false127.0.0.1win-dc-480.attackrange.local62008 354300x800000000000000020303Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:39.872{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local62007false127.0.0.1win-dc-480.attackrange.local62006 354300x800000000000000020302Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:39.872{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local62007false127.0.0.1win-dc-480.attackrange.local62006 22542200x800000000000000020301Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:39.904{2CC55DE6-70CA-5FB6-0000-001076182900}5500www3.zoom.us0::ffff:52.202.62.232;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020300Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:39.900{2CC55DE6-70CA-5FB6-0000-001076182900}5500logfiles.zoom.us0type: 5 logfiles-va.zoom.us;type: 5 logfiles-va-7.zoom.us;::ffff:3.235.96.222;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 10341000x800000000000000020317Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:57.913{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70FD-5FB6-0000-0010D25E2900}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020316Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:57.913{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020315Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:57.913{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020314Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:57.913{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020313Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:57.913{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020312Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:57.913{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-70FD-5FB6-0000-0010D25E2900}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020311Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:57.913{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70FD-5FB6-0000-0010D25E2900}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020310Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:57.914{2CC55DE6-70FD-5FB6-0000-0010D25E2900}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020331Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.851{2CC55DE6-70FE-5FB6-0000-00108F612900}62403668C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020330Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.695{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70FE-5FB6-0000-00108F612900}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020329Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.695{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020328Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.695{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020327Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.695{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020326Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.695{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020325Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.695{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-70FE-5FB6-0000-00108F612900}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020324Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.695{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70FE-5FB6-0000-00108F612900}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020323Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.695{2CC55DE6-70FE-5FB6-0000-00108F612900}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020322Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.398{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020321Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.398{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020320Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.398{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020319Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.382{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020318Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:58.382{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000020340Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:19:57.225{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62018false52.202.62.232ec2-52-202-62-232.compute-1.amazonaws.com443https 10341000x800000000000000020339Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:59.335{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-70FF-5FB6-0000-001080632900}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020338Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:59.335{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020337Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:59.335{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020336Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:59.335{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020335Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:59.335{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020334Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:59.335{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-70FF-5FB6-0000-001080632900}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020333Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:59.335{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-70FF-5FB6-0000-001080632900}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020332Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:19:59.337{2CC55DE6-70FF-5FB6-0000-001080632900}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020352Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.556{2CC55DE6-7100-5FB6-0000-001054662900}47485932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020351Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.470{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020350Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.470{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020349Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.470{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020348Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.398{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7100-5FB6-0000-001054662900}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020347Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.398{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020346Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.398{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020345Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.398{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020344Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.398{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020343Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.398{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-7100-5FB6-0000-001054662900}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020342Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.398{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7100-5FB6-0000-001054662900}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020341Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.398{2CC55DE6-7100-5FB6-0000-001054662900}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020524Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.962{2CC55DE6-7101-5FB6-0000-0010878A2900}10522812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000020523Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.073{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local62021false127.0.0.1win-dc-480.attackrange.local62020 354300x800000000000000020522Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.073{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local62021false127.0.0.1win-dc-480.attackrange.local62020 10341000x800000000000000020521Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.788{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7101-5FB6-0000-0010878A2900}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020520Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.788{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020519Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.788{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020518Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.788{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020517Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.788{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020516Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.788{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-7101-5FB6-0000-0010878A2900}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020515Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.788{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7101-5FB6-0000-0010878A2900}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020514Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.789{2CC55DE6-7101-5FB6-0000-0010878A2900}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020513Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.270{2CC55DE6-7101-5FB6-0000-0010C67D2900}69206640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020512Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.132{2CC55DE6-70CA-5FB6-0000-001076182900}55002928C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+10f556(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+1a659(wow64)|C:\Windows\System32\RPCRT4.dll+1f878(wow64)|C:\Windows\System32\RPCRT4.dll+21518(wow64)|C:\Windows\System32\RPCRT4.dll+286b0(wow64)|C:\Windows\System32\RPCRT4.dll+28fa4(wow64)|C:\Windows\System32\RPCRT4.dll+2cbd4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4feb9(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4e41f(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020511Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.132{2CC55DE6-70CA-5FB6-0000-001076182900}55002928C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+1881c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+1a61a(wow64)|C:\Windows\System32\RPCRT4.dll+1f878(wow64)|C:\Windows\System32\RPCRT4.dll+21518(wow64)|C:\Windows\System32\RPCRT4.dll+286b0(wow64)|C:\Windows\System32\RPCRT4.dll+28fa4(wow64)|C:\Windows\System32\RPCRT4.dll+2cbd4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4feb9(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4e41f(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020510Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.132{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+18260|C:\Windows\System32\wow64win.dll+1ccb|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAD322)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\wow64win.dll+f5d4|C:\Windows\System32\wow64win.dll+6410|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae 10341000x800000000000000020509Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.132{2CC55DE6-7101-5FB6-0000-0010396F2900}52206556C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+10f556(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3db69|C:\Windows\System32\RPCRT4.dll+1f878(wow64)|C:\Windows\System32\RPCRT4.dll+21518(wow64)|C:\Windows\System32\RPCRT4.dll+286b0(wow64)|C:\Windows\System32\RPCRT4.dll+28fa4(wow64)|C:\Windows\System32\RPCRT4.dll+2cbd4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4feb9(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4e41f(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020508Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206556C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3b055|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3db2a|C:\Windows\System32\RPCRT4.dll+1f878(wow64)|C:\Windows\System32\RPCRT4.dll+21518(wow64)|C:\Windows\System32\RPCRT4.dll+286b0(wow64)|C:\Windows\System32\RPCRT4.dll+28fa4(wow64)|C:\Windows\System32\RPCRT4.dll+2cbd4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4feb9(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4e41f(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020507Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-70CA-5FB6-0000-001076182900}55005988C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+10f556(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+a4d2(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+9da0(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+159bc(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+d59c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+93aa(wow64)|C:\Windows\System32\ucrtbase.dll+407af(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020506Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52205300C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3afda|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+37a89|C:\Windows\System32\ucrtbase.dll+8a475(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020505Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52205300C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+37a73|C:\Windows\System32\ucrtbase.dll+8a475(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020504Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020503Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7101-5FB6-0000-0010C67D2900}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020502Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-7101-5FB6-0000-0010C67D2900}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020501Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020500Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020499Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020498Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020497Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020496Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020495Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020494Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020493Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020492Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020491Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020490Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020489Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020488Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020487Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020486Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020485Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020484Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020483Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020482Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020481Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020480Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020479Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020478Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020477Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020476Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020475Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020474Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020473Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020472Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020471Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020470Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020469Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020468Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020467Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020466Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020465Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020464Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020463Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020462Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020461Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020460Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020459Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020458Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020457Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020456Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020455Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020454Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020453Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020452Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020451Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020450Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020449Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020448Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020447Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020446Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020445Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020444Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020443Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020442Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-7101-5FB6-0000-0010C67D2900}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020441Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.116{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7101-5FB6-0000-0010C67D2900}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020440Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.118{2CC55DE6-7101-5FB6-0000-0010C67D2900}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020439Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020438Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020437Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020436Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020435Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020434Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020433Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020432Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020431Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.101{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020430Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.085{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020429Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.085{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11362084C:\Windows\system32\svchost.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020428Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.085{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020427Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.057{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020426Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.057{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020425Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.057{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020424Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020423Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020422Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020421Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020420Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020419Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020418Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020417Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020416Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020415Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020414Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.056{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020413Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020412Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020411Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020410Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020409Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020408Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020407Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020406Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020405Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020404Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020403Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020402Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020401Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.055{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020400Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020399Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020398Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020397Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020396Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020395Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020394Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020393Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020392Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020391Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020390Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020389Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020388Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020387Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020386Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.054{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020385Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020384Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020383Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020382Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020381Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020380Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020379Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020378Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020377Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020376Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020375Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020374Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020373Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-7101-5FB6-0000-0010396F2900}52206284C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020372Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020371Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020370Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020369Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020368Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020367Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020366Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020365Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020364Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020363Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020362Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020361Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.038{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020360Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.023{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020359Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.023{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020358Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.023{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020357Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.023{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020356Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.023{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020355Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.023{2CC55DE6-70CA-5FB6-0000-001076182900}55005988C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+a6b8(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+a3be(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+9d8e(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+159bc(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+d59c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+93aa(wow64)|C:\Windows\System32\ucrtbase.dll+407af(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 154100x800000000000000020354Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.022{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptHost.exe5,4,58891,1115Zoom Sharing HostZoom Video CallZoom Video Communications, Inc.CptHost.exe-event 000008B8 -pid 5500 -evtname cpthost.exe5500-41-08147590 -exitevent 000008D8 -exitevtname cpthost.exe5500_rpcexit-41-08147590 -user_path "C:\Users\Administrator\AppData\Roaming\Zoom"C:\Windows\system32\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=B4CACAF6BD07FFC713768F36CA6EC6C8,SHA256=AF847371F993C4A390A2FA2573A1DA01C3E21DB5053D15448A80401310D1DE95,IMPHASH=8730BB88A605FCFB45E5663DF0C5C8FD{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe --action=preload --runaszvideo=TRUE 10341000x800000000000000020353Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:01.007{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000020529Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.510{2CC55DE6-70CA-5FB6-0000-001076182900}5500images.zoom.us0type: 5 file.zoom.us;type: 5 file-va.zoom.us;type: 5 nginxfileprodnlb-cb40bcbdc33e557a.elb.us-east-1.amazonaws.com;::ffff:3.235.72.244;::ffff:3.235.72.245;::ffff:52.202.62.244;::ffff:52.202.62.249;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020528Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.341{2CC55DE6-70CA-5FB6-0000-001076182900}5500zoomfr48mmr.fr.zoom.us0::ffff:213.244.140.48;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020527Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.228{2CC55DE6-70CA-5FB6-0000-001076182900}5500zoomfr84zc.fr.zoom.us0::ffff:213.244.140.84;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020526Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.196{2CC55DE6-70CA-5FB6-0000-001076182900}5500zoomfr85zc.fr.zoom.us0::ffff:213.244.140.85;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020525Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:00.077{2CC55DE6-70CA-5FB6-0000-001076182900}5500zoom.us0::ffff:52.202.62.232;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 10341000x800000000000000020545Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:03.023{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7103-5FB6-0000-00106E8D2900}6788C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020544Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:03.023{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020543Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:03.023{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020542Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:03.023{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020541Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:03.023{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020540Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:03.023{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-7103-5FB6-0000-00106E8D2900}6788C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020539Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:03.023{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7103-5FB6-0000-00106E8D2900}6788C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020538Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:03.023{2CC55DE6-7103-5FB6-0000-00106E8D2900}6788C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000020537Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.604{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-480.attackrange.local52039false213.244.140.48zoomfr48mmr.zoom.us8801 354300x800000000000000020536Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.600{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62028false3.235.72.244ec2-3-235-72-244.compute-1.amazonaws.com443https 354300x800000000000000020535Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.495{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local62027false127.0.0.1win-dc-480.attackrange.local62026 354300x800000000000000020534Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.495{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local62027false127.0.0.1win-dc-480.attackrange.local62026 354300x800000000000000020533Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.355{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62025false213.244.140.48zoomfr48mmr.zoom.us443https 354300x800000000000000020532Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.230{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62024false213.244.140.84zoomfr84zc.zoom.us443https 354300x800000000000000020531Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.199{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62023false213.244.140.85zoomfr85zc.zoom.us443https 354300x800000000000000020530Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:00.178{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62022false52.202.62.232ec2-52-202-62-232.compute-1.amazonaws.com443https 10341000x800000000000000020724Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.851{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020723Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361768C:\Windows\system32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020722Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020721Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020720Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020719Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020718Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020717Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020716Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020715Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020714Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020713Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020712Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020711Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020710Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020709Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020708Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020707Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020706Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020705Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020704Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020703Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020702Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020701Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020700Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020699Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020698Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020697Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020696Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020695Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020694Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020693Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020692Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020691Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020690Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020689Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020688Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020687Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020686Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020685Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020684Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020683Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020682Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020681Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020680Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020679Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020678Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020677Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020676Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020675Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020674Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020673Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020672Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020671Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020670Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020669Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020668Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a745|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a932|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020667Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020666Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020665Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020664Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020663Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020662Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020661Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020660Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020659Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020658Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020657Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020656Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020655Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020654Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020653Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020652Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020651Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020650Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020649Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020648Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020647Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020646Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+99f3|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020645Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020644Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020643Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020642Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.741{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020641Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020640Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020639Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020638Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020637Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020636Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020635Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020634Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020633Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020632Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020631Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020630Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020629Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020628Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020627Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020626Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020625Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020624Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020623Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020622Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020621Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020620Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020619Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020618Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020617Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020616Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020615Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020614Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.726{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9a07|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9b65|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9ddc|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+9f32|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a038|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a704|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+a7e0|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 534500x800000000000000020613Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.647{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 10341000x800000000000000020612Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020611Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020610Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020609Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020608Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020607Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020606Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020605Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020604Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020603Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020602Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020601Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020600Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020599Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020598Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020597Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020596Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020595Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020594Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020593Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020592Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020591Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020590Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c16|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020589Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020588Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020587Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020586Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020585Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020584Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020583Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020582Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020581Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020580Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020579Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020578Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020577Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020576Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020575Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020574Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020573Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020572Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020571Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020570Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020569Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020568Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020567Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020566Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020565Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020564Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020563Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020562Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020561Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020560Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020559Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020558Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.632{2CC55DE6-710C-5FB6-0000-001039A42900}65846612C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1c2a|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+1d88|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+204c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+23e5|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe+dc0a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020557Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.616{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020556Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.616{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020555Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.616{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020554Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.616{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020553Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.616{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}4836744C:\Windows\system32\csrss.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020552Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.616{2CC55DE6-70C4-5FB6-0000-001096A42800}16325748C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+2b8d4f(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+24c337(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+258757(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+259408(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+256a12(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+258ac2(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+2589f1(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+259267(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+2537f7(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\Cmmlib.dll+6b739(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\zChatApp.dll+1ea699(wow64) 154100x800000000000000020551Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.623{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe5,4,58891,1115Zoom MeetingsZoomZoom Video Communications, Inc.ZoomC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe --action=reconnect --runaszvideo=TRUE C:\Windows\system32\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=7FE1C23F193D7455E1E259C17A7E9309,SHA256=EC75B4BA6AC299D5785A9ECD2FE1EF0271FA394860E6B7B3276D5F0E52F1031D,IMPHASH=ACEFBBC71EA20411A686BCA9E00A2FE2{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 10341000x800000000000000020550Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.616{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020549Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.261{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020548Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.260{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 534500x800000000000000020547Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.226{2CC55DE6-7101-5FB6-0000-0010396F2900}5220C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptHost.exe 10341000x800000000000000020546Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.210{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70CA-5FB6-0000-001076182900}5500C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020732Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.370{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020731Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.370{2CC55DE6-6AC1-5FB6-0000-001036540000}8601176C:\Windows\system32\lsass.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4a8bf|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020730Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.270{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020729Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.132{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020728Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.132{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020727Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.132{2CC55DE6-6AC3-5FB6-0000-00108BC70000}12201968C:\Windows\system32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020726Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+12cc|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020725Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020891Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.270{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925552C:\Windows\Explorer.EXE{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+3ada8|C:\Windows\Explorer.EXE+3ac34|C:\Windows\Explorer.EXE+3aba1|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020890Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.270{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51970|C:\Windows\System32\TwinUI.dll+144fa1|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020889Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.270{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24925528C:\Windows\Explorer.EXE{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+144dd9|C:\Windows\System32\TwinUI.dll+14580f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000020888Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:12.400{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1win-dc-480.attackrange.local62032false127.0.0.1win-dc-480.attackrange.local62031 10341000x800000000000000020887Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.194{2CC55DE6-6AD3-5FB6-0000-001065C50200}30963512C:\Windows\sysmon64.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+15618|C:\Windows\sysmon64.exe+16062|C:\Windows\sysmon64.exe+16487|C:\Windows\sysmon64.exe+1991e|C:\Windows\sysmon64.exe+1b8c4|C:\Windows\sysmon64.exe+1bb9f|C:\Windows\sysmon64.exe+1bcb5|C:\Windows\sysmon64.exe+a7d09|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020886Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.194{2CC55DE6-6AD3-5FB6-0000-001065C50200}30963512C:\Windows\sysmon64.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\sysmon64.exe+2515c|C:\Windows\sysmon64.exe+1b75d|C:\Windows\sysmon64.exe+1bb9f|C:\Windows\sysmon64.exe+1bcb5|C:\Windows\sysmon64.exe+a7d09|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000020885Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:12.400{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse127.0.0.1win-dc-480.attackrange.local62032false127.0.0.1win-dc-480.attackrange.local62031 10341000x800000000000000020884Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.194{2CC55DE6-6AD3-5FB6-0000-001065C50200}30963512C:\Windows\sysmon64.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+15618|C:\Windows\sysmon64.exe+16062|C:\Windows\sysmon64.exe+16487|C:\Windows\sysmon64.exe+1991e|C:\Windows\sysmon64.exe+1b8c4|C:\Windows\sysmon64.exe+1bb9f|C:\Windows\sysmon64.exe+1bcb5|C:\Windows\sysmon64.exe+a7d09|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020883Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.194{2CC55DE6-6AD3-5FB6-0000-001065C50200}30963512C:\Windows\sysmon64.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\sysmon64.exe+2515c|C:\Windows\sysmon64.exe+1b75d|C:\Windows\sysmon64.exe+1bb9f|C:\Windows\sysmon64.exe+1bcb5|C:\Windows\sysmon64.exe+a7d09|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020882Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.164{2CC55DE6-710C-5FB6-0000-001039A42900}65846724C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+10f556(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+1a659(wow64)|C:\Windows\System32\RPCRT4.dll+1f878(wow64)|C:\Windows\System32\RPCRT4.dll+21518(wow64)|C:\Windows\System32\RPCRT4.dll+286b0(wow64)|C:\Windows\System32\RPCRT4.dll+28fa4(wow64)|C:\Windows\System32\RPCRT4.dll+2cbd4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4feb9(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4e41f(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020881Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.147{2CC55DE6-710C-5FB6-0000-001039A42900}65846724C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+1881c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+1a61a(wow64)|C:\Windows\System32\RPCRT4.dll+1f878(wow64)|C:\Windows\System32\RPCRT4.dll+21518(wow64)|C:\Windows\System32\RPCRT4.dll+286b0(wow64)|C:\Windows\System32\RPCRT4.dll+28fa4(wow64)|C:\Windows\System32\RPCRT4.dll+2cbd4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4feb9(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4e41f(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020880Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.147{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+18260|C:\Windows\System32\wow64win.dll+1ccb|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAD322)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\wow64win.dll+f5d4|C:\Windows\System32\wow64win.dll+6410|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae 10341000x800000000000000020879Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.147{2CC55DE6-710E-5FB6-0000-0010CBD22900}43887164C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+10f556(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3db69|C:\Windows\System32\RPCRT4.dll+1f878(wow64)|C:\Windows\System32\RPCRT4.dll+21518(wow64)|C:\Windows\System32\RPCRT4.dll+286b0(wow64)|C:\Windows\System32\RPCRT4.dll+28fa4(wow64)|C:\Windows\System32\RPCRT4.dll+2cbd4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4feb9(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4e41f(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020878Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43887164C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3b055|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3db2a|C:\Windows\System32\RPCRT4.dll+1f878(wow64)|C:\Windows\System32\RPCRT4.dll+21518(wow64)|C:\Windows\System32\RPCRT4.dll+286b0(wow64)|C:\Windows\System32\RPCRT4.dll+28fa4(wow64)|C:\Windows\System32\RPCRT4.dll+2cbd4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4feb9(wow64)|C:\Windows\SYSTEM32\ntdll.dll+4e41f(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020877Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710C-5FB6-0000-001039A42900}65843380C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+10f556(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+a4d2(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+9da0(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+159bc(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+d59c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+93aa(wow64)|C:\Windows\System32\ucrtbase.dll+407af(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020876Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43885304C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3afda|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+37a89|C:\Windows\System32\ucrtbase.dll+8a475(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020875Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43885304C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+37a73|C:\Windows\System32\ucrtbase.dll+8a475(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020874Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-6BC6-5FB6-0000-0010A5540800}45524256C:\Windows\system32\taskhostw.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020873Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020872Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020871Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020870Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020869Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020868Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020867Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020866Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020865Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020864Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020863Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020862Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020861Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020860Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020859Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020858Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020857Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020856Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020855Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020854Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020853Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020852Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020851Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020850Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020849Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020848Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020847Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020846Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020845Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020844Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020843Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020842Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020841Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020840Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020839Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020838Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|UNKNOWN(0000000070DC5D44)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020837Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020836Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|UNKNOWN(000000006F1A24F3)|UNKNOWN(000000006F1A2323)|UNKNOWN(000000006F19B644)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020835Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020834Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020833Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020832Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020831Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020830Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020829Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020828Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020827Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020826Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020825Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020824Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020823Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020822Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020821Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020820Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020819Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+324f3(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+32323(wow64)|C:\Windows\SYSTEM32\WINSTA.dll+2b644(wow64)|C:\Windows\SYSTEM32\Wtsapi32.dll+5d44(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+39f3c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3a695|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3980b|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+3993c|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020818Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020817Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020816Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020815Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.132{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020814Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020813Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020812Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020811Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020810Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020809Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+61b6a|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020808Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.101{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11362084C:\Windows\system32\svchost.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020807Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.101{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}11361552C:\Windows\system32\svchost.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020806Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020805Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70C4-5FB6-0000-001096A42800}1632C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020804Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-70B4-5FB6-0000-001033C12700}6680C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020803Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-708E-5FB6-0000-0010F8072700}3384C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020802Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-7049-5FB6-0000-00104C282600}7016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020801Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702C-5FB6-0000-001095742500}6444C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020800Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010003F2500}6560C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020799Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010CA392500}812C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020798Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702B-5FB6-0000-0010EB2E2500}940C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020797Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020796Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BD9-5FB6-0000-001030F40B00}5756C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020795Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020794Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020793Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC6-5FB6-0000-0010E9500800}3836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020792Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020791Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6BC4-5FB6-0000-0010B4200700}4868C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020790Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B62-5FB6-0000-001082CD0600}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020789Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B5C-5FB6-0000-00101FA80600}2624C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020788Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B54-5FB6-0000-00105D4F0600}4708C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020787Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020786Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6B51-5FB6-0000-00103E180600}4144C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020785Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AEB-5FB6-0000-0010EE5A0500}4184C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020784Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AEB-5FB6-0000-0010E7590500}4168C:\Windows\system32\WinrsHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1964(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020783Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010F1FC0200}3636C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020782Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00108FCA0200}3196C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020781Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00109CCA0200}3188C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020780Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-001065C90200}3176C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020779Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010A3C50200}3104C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020778Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020777Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00107FC50200}3088C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020776Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-00103DC50200}3080C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020775Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010B2C10200}2900C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020774Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010A2C10200}2880C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020773Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AD3-5FB6-0000-0010C7BE0200}2496C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020772Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACC-5FB6-0000-0010F2A00200}2688C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020771Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACA-5FB6-0000-001039980200}3052C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020770Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ACA-5FB6-0000-0010BA970200}3044C:\Users\Public\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020769Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010437E0100}2312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020768Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-00107A000100}1716C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020767Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010E8ED0000}1564C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020766Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010FDD70000}1352C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020765Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}1304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020764Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-001091C70000}1228C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020763Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-00108BC70000}1220C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020762Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010C0B90000}1136C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020761Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-0010BCB90000}1128C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020760Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC3-5FB6-0000-001010B40000}1088C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020759Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020758Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC2-5FB6-0000-001001660000}608C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020757Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC1-5FB6-0000-001036540000}860C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020756Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-001053530000}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020755Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-00104F4A0000}780C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020754Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6AC0-5FB6-0000-00100E470000}716C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020753Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ABF-5FB6-0000-0010D32A0000}448C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020752Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.070{2CC55DE6-710E-5FB6-0000-0010CBD22900}43881980C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe{2CC55DE6-6ABF-5FB6-0000-0010EB030000}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+1977(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+2141(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+27e5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\DllSafeCheck.dll+60b5(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe+43c2a|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x800000000000000020751Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.063{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020750Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.063{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020749Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.062{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+50e44|C:\Windows\System32\SHELL32.dll+51f47|C:\Windows\Explorer.EXE+2fd1a|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020748Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.061{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020747Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.061{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020746Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.061{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24924500C:\Windows\Explorer.EXE{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+3007c|C:\Windows\Explorer.EXE+30028|C:\Windows\Explorer.EXE+2fccc|C:\Windows\Explorer.EXE+2ff29|C:\Windows\Explorer.EXE+2fc59|C:\Windows\Explorer.EXE+3ab97|C:\Windows\System32\windows.storage.dll+f51c7|C:\Windows\System32\windows.storage.dll+f3f4f|C:\Windows\System32\windows.storage.dll+f246f|C:\Windows\System32\SHCORE.dll+328c6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020745Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.061{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020744Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.060{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020743Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.060{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020742Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.060{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020741Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.060{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-70C6-5FB6-0000-001097EA2800}4200C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020740Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.057{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020739Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.057{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020738Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.057{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020737Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.057{2CC55DE6-6AC2-5FB6-0000-001001660000}6081172C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020736Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.056{2CC55DE6-6BC4-5FB6-0000-0010D51E0700}48365108C:\Windows\system32\csrss.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020735Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.056{2CC55DE6-710C-5FB6-0000-001039A42900}65843380C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+a6b8(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+a3be(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+9d8e(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+159bc(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+d59c(wow64)|C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptShare.dll+93aa(wow64)|C:\Windows\System32\ucrtbase.dll+407af(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 154100x800000000000000020734Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.056{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\CptHost.exe5,4,58891,1115Zoom Sharing HostZoom Video CallZoom Video Communications, Inc.CptHost.exe-event 00000914 -pid 6584 -evtname cpthost.exe6584-41-07EB2688 -exitevent 00000928 -exitevtname cpthost.exe6584_rpcexit-41-07EB2688 -user_path "C:\Users\Administrator\AppData\Roaming\Zoom"C:\Windows\system32\ATTACKRANGE\Administrator{2CC55DE6-6BC5-5FB6-0000-002079FC0700}0x7fc792HighMD5=B4CACAF6BD07FFC713768F36CA6EC6C8,SHA256=AF847371F993C4A390A2FA2573A1DA01C3E21DB5053D15448A80401310D1DE95,IMPHASH=8730BB88A605FCFB45E5663DF0C5C8FD{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeC:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe --action=reconnect --runaszvideo=TRUE 10341000x800000000000000020733Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:14.056{2CC55DE6-6AC3-5FB6-0000-0010C1CF0000}13041080C:\Windows\System32\svchost.exe{2CC55DE6-710E-5FB6-0000-0010CBD22900}4388C:\Users\Administrator\AppData\Roaming\Zoom\bin\cpthost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000020899Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.385{2CC55DE6-710C-5FB6-0000-001039A42900}6584zoomfr48mmr.fr.zoom.us0::ffff:213.244.140.48;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020898Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.323{2CC55DE6-710C-5FB6-0000-001039A42900}6584zoomfr84zc.fr.zoom.us0::ffff:213.244.140.84;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020897Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:13.323{2CC55DE6-710C-5FB6-0000-001039A42900}6584zoomfr85zc.fr.zoom.us0::ffff:213.244.140.85;C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 22542200x800000000000000020896Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:12.868{2CC55DE6-710C-5FB6-0000-001039A42900}6584wpad9003C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe 354300x800000000000000020895Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:13.635{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-480.attackrange.local64895false213.244.140.48zoomfr48mmr.zoom.us8801 354300x800000000000000020894Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:13.403{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62035false213.244.140.48zoomfr48mmr.zoom.us443https 354300x800000000000000020893Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:13.342{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62034false213.244.140.84zoomfr84zc.zoom.us443https 354300x800000000000000020892Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.localUsermode2020-11-19 13:20:13.340{2CC55DE6-710C-5FB6-0000-001039A42900}6584C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-480.attackrange.local62033false213.244.140.85zoomfr85zc.zoom.us443https 10341000x800000000000000020901Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:30.169{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+6437|C:\Windows\System32\SHCORE.dll+6327|C:\Windows\System32\SHCORE.dll+629d|C:\Windows\System32\SHCORE.dll+61aa|C:\Windows\System32\SHELL32.dll+46770|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd 10341000x800000000000000020900Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:30.169{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}24922956C:\Windows\Explorer.EXE{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+6468|C:\Windows\System32\SHCORE.dll+124a5|C:\Windows\System32\SHELL32.dll+46251|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF800C1ADB8D8)|UNKNOWN(FFFFE7DBCDAB21F8)|UNKNOWN(FFFFE7DBCDAB2377)|UNKNOWN(FFFFE7DBCDAACA01)|UNKNOWN(FFFFE7DBCDAAE3CA)|UNKNOWN(FFFFE7DBCDAAC686)|UNKNOWN(FFFFF800C17F2E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+49fdb|C:\Windows\System32\SHELL32.dll+10a26a|C:\Windows\System32\SHCORE.dll+2fedd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020923Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020922Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020921Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020920Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020919Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020918Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020917Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020916Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020915Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020914Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020913Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020912Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020911Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020910Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BC7-5FB6-0000-00105B8D0800}2492C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020909Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020908Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020907Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020906Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020905Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020904Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020903Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020902Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:40.585{2CC55DE6-6AC2-5FB6-0000-001012AA0000}996636C:\Windows\system32\svchost.exe{2CC55DE6-6BD9-5FB6-0000-001034D60B00}5592C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42269|c:\windows\system32\rpcss.dll+423a2|c:\windows\system32\rpcss.dll+426df|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000020925Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:45.724{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d2nxq2uap88usk.cloudfront.net02600:9000:214f:e600:a:da5e:7900:93a1;2600:9000:214f:f000:a:da5e:7900:93a1;2600:9000:214f:800:a:da5e:7900:93a1;2600:9000:214f:c00:a:da5e:7900:93a1;2600:9000:214f:1200:a:da5e:7900:93a1;2600:9000:214f:4600:a:da5e:7900:93a1;2600:9000:214f:a200:a:da5e:7900:93a1;2600:9000:214f:d800:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000020924Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:45.717{2CC55DE6-702A-5FB6-0000-0010DF0A2500}6900d2nxq2uap88usk.cloudfront.net0143.204.201.20;143.204.201.58;143.204.201.62;143.204.201.102;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000020933Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:57.912{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-7139-5FB6-0000-001063F92900}2356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020932Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:57.912{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020931Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:57.912{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020930Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:57.912{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020929Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:57.912{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020928Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:57.912{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-7139-5FB6-0000-001063F92900}2356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020927Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:57.912{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-7139-5FB6-0000-001063F92900}2356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020926Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:57.913{2CC55DE6-7139-5FB6-0000-001063F92900}2356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020941Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:58.709{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-713A-5FB6-0000-00103AFB2900}6640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020940Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:58.709{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020939Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:58.709{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020938Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:58.709{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020937Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:58.709{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020936Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:58.709{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-713A-5FB6-0000-00103AFB2900}6640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020935Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:58.709{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-713A-5FB6-0000-00103AFB2900}6640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020934Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:58.710{2CC55DE6-713A-5FB6-0000-00103AFB2900}6640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020950Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.368{2CC55DE6-713B-5FB6-0000-0010EFFC2900}45166456C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020949Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.209{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-713B-5FB6-0000-0010EFFC2900}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020948Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.209{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020947Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.209{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020946Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.209{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020945Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.209{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020944Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.209{2CC55DE6-6AC0-5FB6-0000-001004430000}6442416C:\Windows\system32\csrss.exe{2CC55DE6-713B-5FB6-0000-0010EFFC2900}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020943Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.209{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-713B-5FB6-0000-0010EFFC2900}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020942Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:20:59.211{2CC55DE6-713B-5FB6-0000-0010EFFC2900}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020959Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.522{2CC55DE6-713C-5FB6-0000-0010B3FE2900}67366800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020958Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.369{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-713C-5FB6-0000-0010B3FE2900}6736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020957Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020956Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020955Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020954Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.368{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020953Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.368{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-713C-5FB6-0000-0010B3FE2900}6736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020952Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.368{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-713C-5FB6-0000-0010B3FE2900}6736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020951Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:00.367{2CC55DE6-713C-5FB6-0000-0010B3FE2900}6736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020978Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.944{2CC55DE6-713D-5FB6-0000-001018022A00}69323120C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020977Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.803{2CC55DE6-6AC2-5FB6-0000-001012AA0000}9965400C:\Windows\system32\svchost.exe{2CC55DE6-6BC6-5FB6-0000-00104B3F0800}4376C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020976Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.787{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-713D-5FB6-0000-001018022A00}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020975Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.787{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020974Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.787{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020973Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.787{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020972Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.787{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020971Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.787{2CC55DE6-6AC0-5FB6-0000-001004430000}644792C:\Windows\system32\csrss.exe{2CC55DE6-713D-5FB6-0000-001018022A00}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020970Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.787{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-713D-5FB6-0000-001018022A00}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020969Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.788{2CC55DE6-713D-5FB6-0000-001018022A00}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020968Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.269{2CC55DE6-713D-5FB6-0000-00104F002A00}35766956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020967Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.116{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-713D-5FB6-0000-00104F002A00}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020966Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020965Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020964Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020963Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.116{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020962Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.116{2CC55DE6-6AC0-5FB6-0000-001004430000}6441148C:\Windows\system32\csrss.exe{2CC55DE6-713D-5FB6-0000-00104F002A00}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020961Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.116{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-713D-5FB6-0000-00104F002A00}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020960Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:01.116{2CC55DE6-713D-5FB6-0000-00104F002A00}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe?????"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000020986Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:03.022{2CC55DE6-6B54-5FB6-0000-00105D4F0600}47084700C:\Windows\system32\conhost.exe{2CC55DE6-713F-5FB6-0000-001052042A00}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020985Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:03.022{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020984Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:03.022{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020983Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:03.022{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020982Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:03.022{2CC55DE6-6AC2-5FB6-0000-001001660000}6081104C:\Windows\system32\svchost.exe{2CC55DE6-6AD3-5FB6-0000-001065C50200}3096C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78693|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6145c|C:\Windows\System32\RPCRT4.dll+52964|C:\Windows\System32\RPCRT4.dll+5187d|C:\Windows\System32\RPCRT4.dll+5212b|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020981Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:03.022{2CC55DE6-6AC0-5FB6-0000-001004430000}644660C:\Windows\system32\csrss.exe{2CC55DE6-713F-5FB6-0000-001052042A00}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000020980Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:03.022{2CC55DE6-6B54-5FB6-0000-0010874A0600}45283880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2CC55DE6-713F-5FB6-0000-001052042A00}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000020979Microsoft-Windows-Sysmon/Operationalwin-dc-480.attackrange.local2020-11-19 13:21:03.023{2CC55DE6-713F-5FB6-0000-001052042A00}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2CC55DE6-6AC1-5FB6-0000-0020E7030000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2CC55DE6-6B54-5FB6-0000-0010874A0600}4528C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service